cancel
Showing results for 
Search instead for 
Did you mean: 

SSL useage

Former Member
0 Kudos

I am doing a SOAP -> XI --> IDoc scenario.I am trying to have an external organization send soap messages into our interface and they need to be secure. So I am using the HTTPS authentication in the sender SOAP adapter.

How do you make sure that the link “ http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel'” is a secure link with HTTPS instead of HTTP ?? Is there a price involved for using the SSL certificates??

Accepted Solutions (0)

Answers (1)

Answers (1)

MichalKrawczyk
Active Contributor
0 Kudos

hi,

>>>>Is there a price involved for using the SSL certificates??

yes

>>>>s a secure link with HTTPS instead of HTTP ??

did you read that:

http://help.sap.com/saphelp_nw04/helpdata/en/1f/7e2441509fa831e10000000a1550b0/frameset.htm

Regards,

michal

Former Member
0 Kudos

Thanks Michal. This gives me an insight into the web security setting for the message level security. But if select web security, I do not see where I can put in the security procedure, issuer details ….Do they need to be set up elsewhere from where they would be referenced??

Also my main question is in order to use an HTTPS with or without client authentication, I still need to make the necessary SSL installation and the cryptlib settings, right?

So after doing this, would the external webservice sending the soap message, will need to send it to a “https//host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel” instead of a “http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel”….

Any advice is appreciated.

MichalKrawczyk
Active Contributor
0 Kudos

hi,

>>>>ut if select web security, I do not see where I can put in the security procedure, issuer details ….Do they need to be set up elsewhere from where they would be referenced??

in the sender agreement

when you select the

"The Web Services Security or S/MIME checkbox must be selected in the assigned communication chanel"

it should be available in the sender agreement

at least that how it worked with receiver adapters

(receiver agrreement) that I worked with

(encrypted mails)

have a look at this weblog:

/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter

to learn more:)

Regards,

michal

henrique_pinto
Active Contributor
0 Kudos

Michal,

I don't know if this is what you are refering to, but I have worked with Transport Layer Security (SSL) on XI and it's independent of Message Level Security (web service security). The first encrypts the data at communication layer, the later at application layer.

So, to enable SSL on Soap sender adapter, just need to check the following step-by-step:

http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

First, make sure that the pre-requisites are OK:

http://help.sap.com/saphelp_nw2004s/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/frameset.htm

and

http://help.sap.com/saphelp_nw2004s/helpdata/en/cd/9dd23e6b2c3d67e10000000a114084/frameset.htm

Then, on Sender Soap Adapter, set HTTP Security Level to https (w or w/o client authentication). If you need client certificate, you must have set it to the right https port on the walkthrough above (I think it was 2nd step). This https port will be used for the addres:

https://<server>:<https_port>/XISOAP.

Regards,

Henrique.

MichalKrawczyk
Active Contributor
0 Kudos

hi,

you must be right I only used MLS for receiver adapters

and it's a little bit different

Regards,

michal