Enable Strust certificate expired alert automation
2023-11-5 17:32:35 Author: blogs.sap.com(查看原文) 阅读量:11 收藏

Need of Strust certificate expired alert Automation:-

  • In SAP system Strust/Strustsso2 contain all system internal and external certificates. Whenever  expiry date of these certificates comes closer or less then 30 days. System automatically push a given below warning message as a system message on login of end user every day. End user becomes irritate and alarmed every day.

Warning_message

Warning_message

  • To avoid any service stop due to certificate expire in advance we can get alert on Basis DL or any mail box.

Steps to build solution:-

We need to perform below steps to disable the warning message for end users and to configure these warning messages to Basis mail box.

First we need to find out how many certificates are going to expire soon. Run SE38/SA38 and click on execute button to run SSF_ALERT_CERTEXPIRE  report in the system as given below:-

SSF_ALERT_CERTEXPIRE_report

As given below click on hit Lock AutoABAP button.

then you will get notification in status bar that AutoABAP SSFALRTEXP has been deactivated. So, Now system will not send an system notification to all users using SM02 in future once any certificate will be going to expire.

Now as per the requirement we want to send these alerts to Basis admin or any Basis DL for any certificate was going to expire. So, He can take action accordingly to renew the certificate.

Steps are given below:-

  • Run the report  SSF_ALERT_CERTEXPIRE  using tcode SA38/SE38.
  • Enable check box for Replacement for AutoABAP.
  • Select check box in Warn (recipient list) as shown below and enter SAP user id . You can enter more than one user id by clicking right arrow key  as shown below.

Now we can create variant by clicking save button or in the menu path Goto –> Variant –>Save as Variant  as shown below.

Create a variant,  for example “ZCERTEXPIRE”,  System will send SAP mail to the designated user(s) listed on the recipient list to notify them of the alerts generated that their PSE certificate is about to expire.

Please make sure that required filed are checked as shown above and then click on save.

Now you can schedule this ZCERTEXPIRE Variant with program SSF_ALERT_CERTEXPIRE  in Background with daily periodicity on a specific time using SM36. As given below:-

With below Program and Variant information.

With below periodicity.

Job finished successfully  as given below:-

So, Now the user which you maintained in warn using recipient list will get the alert in mail box daily.

Conclusion:-

  • Now end users won’t receive any more notifications about expired certificates in future .
  • Basis responsible person will receive notification in advance to take appropriate action to renew certificate.

References:-

  • SAP Note 572035 – Warning about expired security certificates
  • SAP Note 588297 –  Warnings about security certificates in the system logs

文章来源: https://blogs.sap.com/2023/11/05/enable-strust-certificate-expired-alert-automation/
如有侵权请联系:admin#unsafe.sh