cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Create Web Service and Proxy with HTTPS

Former Member

on ‎01-11-2012 12:45 PM

0 Kudos

Hi Experts,

I'm not quite shure if this is the correct place but i'll try it.

I have to create a Web Service and a Proxy in two SAP Systems and communicate via HTTPS.

Now i created the WS in one system with HTTPS and I created a consumer proxy in the other system.

I know how to create a WS and a proxy (via SE80 and SOAMANAGER, etc.).

I have found many Information in the web and at the SAP Pages. The big Problem is the Certificate I have to use.

What have I done:

- I entered the URL of the Web Service and hat to enter a Username and a Password.

- I received a message, that the certificate is not save.

- Then I downloaded the certificate as DER-coded binary X.509(.CER)

- I imported the Certificate in STRUST and restarted the ICM.

Now, when I try to call my Web Service I get the following Error:

- ERROR during SecudeSSL_SessionStart()...

... the verification of the server's certificate chain failed...

...Error in get_path:...found root certificate of <CN=...

...Error in verify_with_PKs... Found root certificate of...

I couldn'f find other certificates in the Certificate Chain while downloading the certificate.

I don't get one thing. Some people talking about the CA musst sign the certificate.

Do I have to send the Certificate to a CA? An Organisation? or can I sign my Certificate by myself?

Is there any good tutorial in the web. I haven't found one. (Just one using J2EE)

Thanks and regards,

Sebastian

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎01-11-2012 2:59 PM
0 Kudos

Hi,

You want to establish an SSL connexion between 2 SAP abap system.

It means that you need at least an SSL server certificate on the web service provider server and an SSL client certificate on the web service client server.

You have to decide if you want to use the client certificate for authentication.

If not, you can create an anonymous SSL client certificate in STRUST.

If yes, you need to create a standard SSL client certificate in STRUST.

You have to decide if you will use signed certifcates (this is of course the best practice).

If the SSL server certificate is signed, you have to import the CA certificates in the SSL client PSE.

If the SSL client certificate is signed, you have to import the CA certificates in the SSL server PSE.

If the SSL client certificate is not signed, you have to import the auto signed client certificates in the SSL server PSE.

If you want to use the client certificate for authentication, you have to do the mapping betwwen the CN and the abap user.

Regards,

Olivier

Show replies
Show replies
Former Member
‎01-11-2012 1:33 PM
0 Kudos

Hello Sebastian,

You should have entrust chain certificate (webservice, root & intermediate) sent by Certificate Authority (CA) to work this as expected. You need to generate CSR certificate from J2EE and get it signed by CA and then import into the system.

Please take a look at the below link for generating CSR request.

http://help.sap.com/SAPHELP_NW04s/helpdata/EN/a6/98f73dbc570302e10000000a114084/content.htm

Good Luck.

Thanks,

Siva Kumar

Show replies
Show replies
Ask a Question