R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems
Agenda 1. R/3 - Setup 1.1. Transaction code STRUST 1.2. Transaction code SM59 2. J2EE - Setup 2.1. Key Storage 2.2. Security Provider 2.3. SSL Provider 3. J2EE Document Services Configuration 3.1. Digital Signature File SAP 2009 / Page 2
Before you start the setup - 1. You should be on SAP ERP 6.0 or higher Release along with Adobe Document Server (ADS) 2. You should have a valid digital signature available with you, in supported format. For further information, refer to 1. SAP Note 1168740 2. URL: https://incometaxindiaefiling.gov.in/portal/faq.do Once these pre-requisites are met, you can start with set up needed on R/3 and J2EE server to get digitally signed Form 16. SAP 2009 / Page 3
R/3 Setup STRUST Transaction code: STRUST 1. Select the newly created SSL Client SOAPClient 2. Select Edit -> Create Certificate Request 3. Copy the Request and sign it (SAPNetCA) a) Select Edit -> Import Certificate Response and save b) Double click and select SSL Client SOAPClient option to load the certificate c) Add SSO_CA and SAPNetCA to Certificate List and save 4. Export Certificate as shown in the next slide SAP 2009 / Page 4
R/3 Setup STRUST In the lower frame, select Export Certificate option and save as Base64 SAP 2009 / Page 5
R/3 Setup SM59 Transaction code: SM59 -> HTTP Connection to External Server and create ADS_HTTPS In Technical Settings tab, Target Host -> Web-Dispatcher URL, no port Pay attention to the Path Prefix SAP 2009 / Page 6
R/3 Setup SM59 In the Logon & Security tab, maintain the sections as follows: SAP 2009 / Page 7
Agenda 1. R/3 - Setup 1.1. Transaction code STRUST 1.2. Transaction code SM59 2. J2EE - Setup 2.1. Key Storage 2.2. Security Provider 2.3. SSL Provider 3. J2EE Document Services Configuration 3.1. Digital Signature File SAP 2009 / Page 8
J2EE Key Storage Copy the certificate you saved earlier at OS level to the NW JAVA engine, to a directory that is accessible by the J2EE_admin user. We will need the certificate in the Visual Administrator. Steps: 1. Logon to the Visual Administrator with user J2EE_admin 2. Go to Server -> Services -> Key Storage a. Create a view with the name, 'ADSCerts'. b. Choose Load option to load the certificate. c. With the same mechanism also load this certificate into the TrustedCAs view. See next slides for screenshots SAP 2009 / Page 9
J2EE Key Storage SAP 2009 / Page 10
J2EE Key Storage SAP 2009 / Page 11
J2EE Security Provider Assign the certificate to the ADSUser. 1. Go to the security provider service 2. On the User management tab, select ADSUser in the Name field and select Change option. 3. In Certificates text box, choose Add option 4. Assign the certificate that you have just loaded to the ADSCerts view (See Screen shot) 5. Select Change option again. SAP 2009 / Page 12
J2EE Security Provider <Back> SAP 2009 / Page 13
J2EE SSL Provider Set up the SSL provider to request the ADS User's certificate Go to the SSL provider Service Open the HTTPS port of the J2EE engine and go to Client authentication tab. Add the certificate we loaded to the TrustedCAs to the list Ensure that you select the Request client certificate option It should look similar to the screenshot on the next slide: SAP 2009 / Page 14
J2ee SSL Provider SAP 2009 / Page 15
Agenda 1. R/3 - Setup 1.1. Transaction code STRUST 1.2. Transaction code SM59 2. J2EE - Setup 2.1. Key Storage 2.2. Security Provider 2.3. SSL Provider 3. J2EE Document Services Configuration 3.1. Digital Signature File SAP 2009 / Page 16
J2EE Document Services Configuration Digital Signature File You should have received a digital signature file called xxxxx.pfx and relevant password. You must copy this.pfx file, in our case Digisign.pfx, to the operating system of your J2EE server in the location as shown below: SAP 2009 / Page 17
J2EE Document Services Configuration Digital Signature File 1. In the Visual Administrator go to, Server -> Services -> Document Services Configuration 2. Maintain the lower part in the right frame as follows: 1. Set Type as P12 Record 2. In the Alias field, enter ServerSignature 3. In the P12 File field, browse and select your digital signature file 4. Leave the Sha1 field blank 5. Enter the password twice 6. Select the Add button See the next slide for screenshot. SAP 2009 / Page 18
J2EE Document Services Configuration SAP 2009 / Page 19
J2EE Document Services Configuration Your configuration should be like below: SAP 2009 / Page 20
Further Information SAP Note: 1168740 (Digital Signature for Form 16) Further information about setup: https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/8185 India Income Tax department website reference to digital signature on Form 16: https://incometaxindiaefiling.gov.in/portal/faq.do SAP 2009 / Page 21
Copyright 2009 SAP AG All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iseries, pseries, xseries, zseries, eserver, z/vm, z/os, i5/os, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warrant. SAP 2009 / Page 22