Setting up the agents with SNC
To use Secure Network Communications (SNC) for SAP, use the scripts provided in the on-prem clients installation package.
Before you begin
Make sure that you have connected the agent to Celonis Platform.
We recommend that you first run SAP automation without SNC. This allows you to isolate any potential issues to the SNC component.
Creating your own Personal Security Environment (PSE) file and certificate on Windows is nearly identical to the process on Linux (see Linux). The difference is that you use the batch files under Shared/snc instead of the shell scripts. Here's an overview:
cd <on_prem_clients_path>/Shared/snc
snc_create_pse.bat "CN=<some_name>,OU=<org_unit>,O=<organization>,C=<country>" <your_password>
snc_add_pse_cert.bat <server_certificate_path> <your_password> LOCALSERVICE
The last argument (LOCALSERVICE) makes the script use the Local Service account to add the credentials. By default, if no username is provided, the script uses the logged-in user to add the certificate. If you start the agent as a Windows service without providing the LOCALSERVICE option, the service won't be able to use SNC, because the service runs under the Local Service account while the credentials were created with a different user. In that case, go to Windows services, select the agent service, go to Properties > Log On > This account, and enter the user you ran the script with.
On Linux, run the following command to create the Personal Security Environment (PSE) file:
./snc_create_pse.sh "CN=<some_name>,OU=<org_unit>,O=<organization>,C=<country>" <your_password>
This will create the RFC.pse and the RFC.crt files in the shared/sec directory. RFC.crt is the certificate that will act as a sort of public key which you'll have to import into your SAP system.
After importing the agent's certificate into your SAP server, you can export the server's certificate and store it in a file.
Once the server's certificate has been acquired, add it to your newly created PSE by running the following script in the shared/snc directory:
./snc_add_pse_cert.sh <server_certificate_path> <your_password>
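The two Linux steps above, wrapped with checks a practitioner would want around key material (added example, not part of the on-prem clients package). The SEC_DIR default, the DN check, the function names and the chmod step are assumptions of this example; only the two script names and the RFC.pse/RFC.crt file names come from this page.

```sh
#!/bin/sh
# Added example: not part of the on-prem clients package.
# Assumption: run from <on_prem_clients_path>/shared/snc; SEC_DIR is where
# shared/sec sits relative to it (hypothetical default, override if needed).
SEC_DIR="${SEC_DIR:-../sec}"

# Accept only the DN shape shown on this page: CN=..,OU=..,O=..,C=<2 letters>.
valid_dn() {
  printf '%s\n' "$1" | grep -Eq '^CN=[^,=]+,OU=[^,=]+,O=[^,=]+,C=[A-Za-z]{2}$'
}

# Prompt without echo so the password is never typed into shell history.
read_password() {
  printf 'PSE password: ' >&2
  trap 'stty echo; exit 130' INT TERM
  stty -echo; IFS= read -r pse_pw; stty echo
  trap - INT TERM
  printf '\n' >&2
  printf '%s' "$pse_pw"
}

# Step 1: create RFC.pse and RFC.crt, then confirm both exist.
create_pse() {  # $1 = DN, $2 = password
  valid_dn "$1" || { echo "unexpected DN format: $1" >&2; return 2; }
  ./snc_create_pse.sh "$1" "$2" || return 1
  for f in RFC.pse RFC.crt; do
    [ -s "$SEC_DIR/$f" ] || { echo "missing $SEC_DIR/$f" >&2; return 1; }
  done
  # The PSE holds the agent's private key: owner-only access.
  # Assumes the agent runs as the user who created the PSE.
  chmod 600 "$SEC_DIR/RFC.pse"
}

# Step 2: add the exported SAP server certificate to the PSE.
add_server_cert() {  # $1 = server certificate path, $2 = password
  [ -r "$1" ] || { echo "cannot read server certificate: $1" >&2; return 2; }
  ./snc_add_pse_cert.sh "$1" "$2"
}

# Usage, from shared/snc:
#   pw=$(read_password)
#   create_pse "CN=<some_name>,OU=<org_unit>,O=<organization>,C=<country>" "$pw"
#   (import RFC.crt into SAP, export the server certificate)
#   add_server_cert <server_certificate_path> "$pw"
```

Because the package scripts take the password as an argument, it is still visible in the process list while they run; the prompt only keeps it out of shell history.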