I am very well aware that a CA authority will issue the certificate. As per my understanding, this certificate will ultimately be installed in XI (STRUST). So, lets say we have already a certificate issues by Verisign, Twate or some other CA, and its already installed in XI box. How can I get the client certifcate exported to a file and send it to any vendor so that they can use to while sending their requiest to XI server?
Actually I would also like to know the exact steps for enabling the HTTPS / SSL communication for SOAP messaging.
Please correct me but I understand that it could be different steps depending on if you use J2EE stack or ABAP stack. e.g. SOAP Adapter ( J2EE stack)
I have come across following blogs that seem helpful.
<a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">Rahul Nawale: How to use Client Authentication with SOAP Adapter</a>
<a href="/people/naresh.pai/blog/2005/03/14/was-security--demystified">Naresh Pai: WAS Security Demystified</a>
This <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9">Document</a> will help you.
<i>>>>How can I get the client certifcate exported to a file and send it to any vendor so that they can use to while sending their requiest to XI server?</i>
Depends on how you want your external vendor to be authenticated on your XI server - either via basic authentication or using a client certificate. For both cases, your vendor needs to trust the issuer (i.e. CA) of the server certificate for your XI server. So what your external vendor needs is usually the root certificate of the CA that issued your server certificate for XI. If it's a common CA like Verisign, they may already have it. Otherwise, after you import the CSR (Certificate Request Response) for your XI server certificate, you can then pass the root cert of your CA to the vendor. If you have issues accessing this, just open a browser and access the HTTPS URL of the XI server and double click on the padlock on the lower right or on the "view certificate" button on the popup if you get one.
If you want your vendor to use a client certificate to authenticate themselves when connecting to the XI server (this would be mutual authentication), you would need to trust the CA who issued the client certficate to your vendor and import that CA's root certificate into the key storage of either your ABAP (STRUST) or Java (Key Storage J2EE service - accessible via Visual Admin tool) stack.
FYI, configuring SSL using STRUST and ABAP stack only comes into play for the plain HTTP adapter and when making a direct connection to the XI pipeline. When configuring SSL for adapter engine based adapters like SOAP and RNIF, that's when the Java server needs to be configured for SSL (e.g. using Visual Admin tool).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.