
PI 7.1 HTTPS Communication

Former Member
0 Kudos

Hi PI Experts,

We are enabling HTTPS communication in PI 7.1 EHP1 using the CIDX adapter. We have nearly completed the settings after going through several threads and the SAP Help documentation.

1. Defined SSL parameters in RZ10 (ssl/pse_provider = Java and other parameters)

2. Created entry for private key (2048 key length) in ICM_SSL_<instance id> view of key storage in nwa. Generated CSR response, imported CSR response with CA containing private key, intermediate key.

3. Installed Public key of Partner certificate into ICM_SSL_<instance id> and Trusted CAs

4. Exported key to PSE

5. Restarted ICM

In spite of completing the above configuration and installation of the certificates, we are still not able to complete HTTPS communication. We are facing two issues:

(1) For outbound: HTTPException:Padding length error

(2) For inbound: Client is facing issue "HTTP/401 Unauthorized".

What is the service user that is utilized in HTTP communication with certificate logon in PI 7.1? Where do we see this service user? We expect that, through nwa >> Configuration Management >> Identity Management, we need to apply the PI private key and client public key for this service user.

Please provide your inputs for resolution.

Accepted Solutions (1)


baskar_gopalakrishnan2
Active Contributor
0 Kudos

>>> What is the service user that is utilized in HTTP communication with certificate logon in PI 7.1? Where do we see this service user?

Service user example: PIAPPLUSER. Create a user of this type and provide it to the client. The client will log in as this user with the certificate. HTTP 401 Unauthorized is due to invalid logon credentials.

Help link for creating service users

http://help.sap.com/saphelp_nw04s/helpdata/en/d4/d12940cbf2195de10000000a1550b0/content.htm

Former Member
0 Kudos

Hi Baskar,

Thanks for the reply.

Inbound communication:

We did see this documentation earlier. As per the link, it says "In the Adapter Engine and PCK, only the security role xi_af_receiver of the J2EE component sap.com/com.sap.aii.af.ms.app*MessagingSystem allows the execution of incoming messages.

We strongly recommend that you create separate messaging users with the corresponding role representing individual business systems in a productive environment."

So we created a new user ID for the purpose. Through NWA Configuration Management >> Authentication, we were able to find the policy configuration sap.com/com.sap.aii.af.ms.app*MessagingSystem. For this policy, we need to add the authentication login as 'ClientCertLoginModule'. But we do not know how to add/specify this user ID against this policy, though we have added the security role xi_af_receiver for this user.

In brief, we need to specify that the server uses this new service user ID for certificate logon against this policy. We want to know where it can be done.

Thanks,

Suraj Pabbathi

shivhare
Active Contributor
0 Kudos

I am not sure whether my suggestion will be helpful to you, or you may have done all of the following settings already!

In the receiver adapter, what is the service number you are using? Is it for HTTP or HTTPS?

You can get the service number with the help of tcode SICF > F8, then go to the menu bar > Goto > Port Information.

Regards,

Amit

Answers (1)


Former Member
0 Kudos

Hi,

I am providing the audit log taken from the Adapter Engine in the Runtime Workbench for outbound communication.

Transmitting the message to endpoint https://<ip address>:<port>/url using connection CIDXAdapter failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error transmitting the message over HTTP. Reason: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: Padding length error: 229 > 24.

And for the inbound communication, the log submitted by the partner is:

HTTP/1.1 401 Unauthorized

Please provide your inputs.

Thanks,

Suraj Pabbathi