cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS with SOAP adapter

Go to solution
Former Member

on ‎09-23-2008 8:37 PM

0 Kudos

Hi

Can someone clarify something for me:

HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?

If information still is encrypted, why are we using HTTPS with client authentication (certificates). What is the advantage of using certificates compared to user authentication?

Thanks. Your're the best!

regards Marianne

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-23-2008 9:35 PM
0 Kudos

Hi,

HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?

-->Encryption is differnt from Certificates, Encryption is done to the data that we are passing and Certificates are used for authentication to particular server,so there is no point that information will be encrypted while using certificates. so even we use certifacates we need to encrypt the data.

If information still is encrypted, why are we using HTTPS with client authentication (certificates).

-->we use HTTPS/SOAP for secure data transfer, client authentication is same for HTTP,HTTPS or SOAP.

What is the advantage of using certificates compared to user authentication?

--->Traditionally, users receive access to resources from an application or system based on their user name and password. You can further augment system security by using digital certificates (instead of user names and passwords) to authenticate and authorize sessions between many server applications and users. Also, you can use Digital Certificate Manager (DCM) to associate a user's certificate with that user's iSeries user profile. The certificate then has the same authorizations and permissions as the associated profile.

A digital certificate acts as an electronic credential and verifies that the person presenting it is truly who she claims to be. In this respect, a certificate is similar to a passport. Both establish an individual's identity, contain a unique number for identification purposes, and have a recognizable issuing authority that verifies the credential as authentic. In the case of a certificate, a Certificate Authority (CA) functions as the trusted, third party that issues the certificate and verifies it as an authentic credential.

For authentication purposes, certificates make use of a public key and a related private key. The issuing CA binds these keys, along with other information about the certificate owner, to the certificate itself for identification purposes.

Regards,

Chirumamilla.sukarna

Show replies
Show replies

Answers (0)

Ask a Question