on 03-25-2009 6:39 PM
Hi, ALL,
I have to send FTP files to and from outside server using like (SAP XI proxy>FTP, FTP>SAP Xi proxy). I would like to use secure FTP (FTPS). How I can configure it in both sender and receiver FTP adapter? Does the certificate at XI has to be signed by Trusted authority or I can do self signed? Does the outside server need to get the FTP certificate also? Can anybody provide step by step solution?
<promising_points_removed_by_moderator>
Thanks a lot!
Meiying
Hi,
It depends if the FTP server certificates are signed for a CA installed in TrustedCA view. The TrustedCA view is a netweaver administration option included in Keystore application.
For example, if the FTP server certificate is signed by verising, SAP contains the certificate of verising installed in TrustedCA, therefore you not have to do anything, but if the server certificate is a certificate created for you, you will have to install the CA wich you signed the certificate.
In my case, I put files into a FTPs server that have a certificate signed by verisign and I haven't to do anything in TrustedCA view because the CA was installed.
In FTP adapter you must to select the FTPS option to communicate to FTP server through SSL.
Best regards
Iván
Edited by: Carlos Ivan Prieto Rubio on Mar 25, 2009 8:10 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, Carlos,
Thanks for the quick response. Sorry, I am a little bit confused. I am totally new on it. Let me clarify some of your answers.
1. In your response, the FTP server is the outside FTP server which I will get and put files?
2. "if the FTP server certificate is signed by verising, SAP contains the certificate of verising installed in TrustedCA," Does this FTP server certificate is installed in FTP server or in XI server?
3. what value do you put in the fields "Connection Security" and "Command Order" in communication channel configuration which use FTP adapter?
4. Did you check "Use X509 certificate for Client Authentication" and put the values in the fields " Keystore and X509 Certificate and Private Key?
5. Do I have to do certificate on both side (the FTP server and XI)?
Thank you very much!
Meiying
Hi,
1.- Yes.
2.- The FTP is a standalone server and the certificate must to be installed in FTP server.
3.- Tomorrow I will respose you this question because I´m not in my job now and I can´t open the Integration Directory.
4.- If the FTP server requires x509 certificate for login you must to add the certificate in Keystore, in my case I use basic login for that.
5.- Only in FTP side.
You're welcome
Best regards
Ivá
Hi Meiying,
Yes ,you can create a self certificate but in this case you must to install in TrustedCA the root Certificate which you sign your certificate.
For example:
1.- Create one CA- MyCompanyCA
2.- Create self certificate (MeiyingCert) signed by MyCompanyCA.
3.- Install the certificate MeyingCert in FTP server.
4.- Install in trustedCA (PI) MyCompanyCA certificate.
For do it you can to use OpenSSL or use SAP PI keystore for creating certificates and CAs.
That's all
Best Regards
Ivá
Hi Meiying,
In my case was test and error because I don't have access to FTP server config application, but the FTP servers usually have this configuration in the config application of this server. Test with Filezilla FTP Server (http://filezilla-project.org/), I remenber that this application have an option to configure this issue.
Best regards
Ivá
Hi, Meiying:
Check following documents:
Jin Shen's Web seminar presentation:
Also SAP Help doc:
http://help.sap.com/saphelp_erp2005/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm
http://help.sap.com/saphelp_erp2005/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/frameset.htm
Regards.
Liang
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.