Configure SAP system to support principal propagation
The SSL server PSE contains the application server's security information. The PSE needs the information to communicate using SSL as the server component. For each SSL port that is activated (see the profile parameter icm/server_port_<xx>), set up a corresponding SSL server PSE to use.
The server's Distinguished Name is used to identify the server when a connection is established. If you have a system with multiple application server instances, use the following options to resolve the server identity:
- Use a single system-wide SSL server PSE where the Distinguished Name is the same for all servers.
- Use server-specific SSL server PSEs for individual application servers.
- Use a combination of both types. (Some application servers use a system-wide SSL server PSE, and other application servers use server-specific SSL server PSEs.)
SSL Setup—Creating the SSL Server PSE:
-
Click Create.
Figure 1. Create PSE 
-
Enter the Distinguished Name parts for a default SSL server PSE in the
corresponding fields. For the default SSL server PSE, use a wildcard character
(*) as the host name in the Name field.
For example,
- Name = *.mycompany.com
- Org. (opt.) = Test
- Comp./Org. = MyCompany
- Country = US
The system uses these components to build a default Distinguished Name to use for a system-wide PSE, and to build the server-specific names for individual PSEs.
The SSL Server screen appears where you can specify the individual application servers. Use the default Distinguished Name and system-wide SSL server PSE or individual PSEs. The default Distinguished Name appears in the Default PSE DN field. The server-specific Distinguished Names appear in the table in the Distinguished Name column.
Figure 2. SSL Server 
The system creates the SSL server PSEs and distributes them to the individual application servers.