on 02-03-2012 6:02 PM
All,
I am not sure if this is the correct forum -
We are on PI 7.1 EHP1. SSL has to be enabled on this server.
As per Note 510007 (and also - http://help.sap.com/saphelp_nwpi711/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm)
all the steps have been performed.
1. Install the SAP Cryptographic Library on the application server.
2. Set the profile parameters.
3. Create and maintain the SSL Server PSEs as follows:
a.Create the SSL server PSEs.
b.Generate a certificate request for each SSL server PSE.
c.Send the certificate requests to a CA to be signed.
d.Import the certificate request responses into the server's SSL server PSEs.
e.Maintain the SSL server PSE's certificate list.
We have done this on ABAP stack using - STRUST.
I have tested the https url - and is working.
Question:
1. Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.
When I am looking at the following doc (NW04):
http://help.sap.com/saphelp_nw04/helpdata/en/a6/98f73dbc570302e10000000a114084/frameset.htm
I see a step - "Assigning the Key Pair to Use for a Specific SSL Port".
>>Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.
What is your end to end scenario? Which adapter are you planning to use? Soap or HTTP, at sender or receiver?
>>The public key certificate that is signed and imported in this process has to be exchanged with the business partners - right - Am I correct?
We have to share our public key (created at out server and if required signed by certification authority) with the partner.
Regards,
Prateek Raj Srivastava
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prateek,
We are using CIDX adapter - HTTPS protocol with the business partner.
when we create CSR request, what would be CSR request created against - actual server name (say Dev server for ex) or the public server name, (which is part of public url)?
If I get it signed against the name of the public server name, I can use the same public key across all the environments...Am I correct in my apporach?
Also, Prateek, Could you please look at my original post of this thread and share your thoughts.
If it is CIDX adapter, SSL should be enabled on J2EE. You have to create/install your certificate in NetWeaver Administrator and the public key should be sent to the partner.
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm
CSR is created against the server information and the your public key (created in your server). This is then sent to CA.
You can use the same certificate across, however, it is not a recommended practice. Test and Production level certificates must be different.
Regards,
Prateek Raj Srivastava
You can do either in STRUST TC in Abap stack or in the java stack.
>1. Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.
I believe the notes talk about java stack.
Go to Netweaver Administration in RWB --> configuration management -->certificates and keys
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gopal,
I did not find it "certificates and keys". Could you please help me.
I am looking for the step where it would say - use this keypair for the HTTPS port 50001.
And another question would be -
The public key certificate that is signed and imported in this process has to be exchanged with the business partners - right - Am I correct?
Help is greatly appreciated.
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.