Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

HTTPS with SOAP adapter

Hi

Can someone clarify something for me:

HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?

If information still is encrypted, why are we using HTTPS with client authentication (certificates). What is the advantage of using certificates compared to user authentication?

Thanks. Your're the best!

regards Marianne

replied

Hi,

HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?

-->Encryption is differnt from Certificates, Encryption is done to the data that we are passing and Certificates are used for authentication to particular server,so there is no point that information will be encrypted while using certificates. so even we use certifacates we need to encrypt the data.

If information still is encrypted, why are we using HTTPS with client authentication (certificates).

-->we use HTTPS/SOAP for secure data transfer, client authentication is same for HTTP,HTTPS or SOAP.

What is the advantage of using certificates compared to user authentication?

--->Traditionally, users receive access to resources from an application or system based on their user name and password. You can further augment system security by using digital certificates (instead of user names and passwords) to authenticate and authorize sessions between many server applications and users. Also, you can use Digital Certificate Manager (DCM) to associate a user's certificate with that user's iSeries user profile. The certificate then has the same authorizations and permissions as the associated profile.

A digital certificate acts as an electronic credential and verifies that the person presenting it is truly who she claims to be. In this respect, a certificate is similar to a passport. Both establish an individual's identity, contain a unique number for identification purposes, and have a recognizable issuing authority that verifies the credential as authentic. In the case of a certificate, a Certificate Authority (CA) functions as the trusted, third party that issues the certificate and verifies it as an authentic credential.

For authentication purposes, certificates make use of a public key and a related private key. The issuing CA binds these keys, along with other information about the certificate owner, to the certificate itself for identification purposes.

Regards,

Chirumamilla.sukarna

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question