Skip to Content

SAP with SNC connection guide


This guide describes the system requirements and instructions for connecting Vinyl to SAP using Secure Network Communication (SNC) encrypted authentication.

For more information please see the SAP Help Portal: Configuring the ABAP Connector to use SNC.

System requirements


  • SAP Cryptographic Library is installed on server

  • sapcrypto.dll exists on server

Client web browser

  • Chrome TM 60 or newer

  • Firefox ® 55 or newer

  • Safari ® 11.0.2 or newer


Before getting started configuring the Vinyl to SAP connection, first ensure that the SAP Cryptographic Library is installed and the sapcrypto.dll file exists on the server.

Download and install the SAP Crypto Library


Next you will set an environment variable to a SECUDIR folder. If needed, create a SECUDIR folder in the web app folder system.

Example: SECUDIR = D:\Programs\Vinyl\www\data\SECUDIR\SEC


Add SECUDIR to the path.

Set IIS Identity to a Windows user that will be used to set up the SAP Personal Security Environment (PSE). For this step we recommend you create a unique and dedicated windows user that will serve as the Custom Account for the IIS Identity setting. It is advised to not use a personal windows user like the screenshots are displaying.



A screenshot of a computer Description automatically generated

Run commands

Creating a Personal Security Environment

  • sapgenpse get_pse -p companyabc.pse -noreq "CN=COMPANYABC, OU=VINYL, O=CIF, C=US"

Creating Credentials for PSE

  • sapgenpse seclogin -p companyabc.pse -O {WINDOWS_USERNAME_HERE}


Exchanging the Public-Key Certificates

  • This is performed to mutually trust each other's certificates.

Exporting the Identity Center's Public Key Certificate

  • sapgenpse export_own_cert -o {ANY_DESTINATION_FILEPATH}\companyabc.crt -p companyabc.pse

Importing the AS ABAP's Public-Key Certicficate into the Identity Center's PSE

  • Move the Certificate that was provided by SAP (i.e. CIF.txt) to the SECUDIR folder so it can be referenced

  • sapgenpse maintain_pk -a {FILEPATH_TO}\Vinyl\www\data\SECUDIR\CIF.txt -p {FILEPATH_TO}\Vinyl\www\data\SECUDIR\SEC\companyabc.pse

Helpful commands

List the certificates:

  • sapgenpse maintain_pk -l

Delete the certificate:

  • sapgenpse maintain_pk -d 1

Get my name (username at OS level):

  • sapgenpse get_my_name -p companyabc.pse

Maintaining the Extended User ACL

  • Create user and set SNC name from the SAP Table SM30.


The page "Maintaining the Extended User ACL" from the linked SAP document lists out steps. Using table maintenance (for example, transaction SM30), maintain the USRACLEXT table.



Create user, for example ISAACMEISNER, using SU01. In the SNC tab enter an SNC name, in this case CN=COMPANYABC, OU=VINYL, O=CIF, C=US.


Setting SNC parameters in Advanced Settings of Vinyl Data Server Connection:



Vinyl data server connection

In Vinyl, you need to configure a Data Server connection. This connection requires the same information used by the SAP connection.

  1. Create an SAP Data Server from IDE > Data Servers > + Server

    • Server Name: Provide a name

    • Type: SAP ABAP over RFC

    • Host Name: Reference to the SAP Application Server. Example: cifhost

    • System Id or R3 Name: Reference to the SAP System ID (SID), represented by three characters. Example: CIF

    • System No: Reference to the SAP Instance Number. Example: 11

  2. Click Save


  3. Expand the Security Settings and enter the User Name and Password


Use the same credentials as the user created in SAP for the PSE

Graphical user interface, text, application Description automatically generated

Test the connection!

Click the Test Connection button from Testing.