on 12-11-2012 6:10 AM
Hi,
I have been assigned a project which involves SSL certificates for TLS.
I have to create a new certificate in SAP PI 7.1 using NWA. I am confused about what will be the commonName.
Referring to the link: https://help.sap.com/saphelp_nwce10/helpdata/en/a6/98f73dbc570302e10000000a114084/content.htm
which mentions commonName is server’s fully-qualified host name.
Does it mean that I will have to mention the sender PI server host-name in commonName?
Screenshot is attached for reference.
Need clarification on above.
Yes, you can use the PI server hostname as commonName. commonName is the web address which will be accessed for secure connection. If you are creating and using this certificate on PI server, you should use PI hostname.
Regards,
Prateek Raj Srivastava
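As an added illustration (not part of the original thread and not SAP code), this Python sketch shows the hostname check a TLS client applies to the server certificate, which is why the commonName should be the host name partners actually connect to. The certificate dicts, host names and function names are constructed for the example; it goes beyond the CN-only case in the thread by also covering subjectAltName, which takes precedence over commonName when present (RFC 6125).

```python
# Added example: name check a TLS client runs against the server certificate.
# Certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().
# All host names below are constructed sample values.

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive compare; '*' may stand for the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least '*.domain.tld' so '*.com' never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def names_for_matching(cert: dict) -> list:
    """Use dNSName SAN entries if any exist; only otherwise fall back to commonName.
    Some clients skip the fallback entirely and require a SAN entry."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def host_matches(cert: dict, host: str) -> bool:
    """True if the host the client dialled is covered by the certificate."""
    return any(_name_match(n, host) for n in names_for_matching(cert))

# Constructed certificates: CN = FQDN, CN = short name, CN plus a different SAN.
CERT_FQDN = {"subject": ((("commonName", "pihost.example.com"),),)}
CERT_SHORT = {"subject": ((("commonName", "pihost"),),)}
CERT_SAN = {"subject": ((("commonName", "pihost.example.com"),),),
            "subjectAltName": (("DNS", "pi-ext.example.com"),)}
CERT_WILD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    url_host = "pihost.example.com"  # host part of the HTTPS URL the partner calls
    for label, cert in [("CN=FQDN", CERT_FQDN), ("CN=short", CERT_SHORT),
                        ("CN+other SAN", CERT_SAN), ("wildcard SAN", CERT_WILD)]:
        print(f"{label:14} -> {host_matches(cert, url_host)}")
```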
Hi,
Thank you Prateek for your prompt reply.
Can you also give clarity on the point below:
Do we need client SSL certificates if there is no Mutual Authentication for TLS?
My client says TLS is on account of the transport protocol - HTTPS - and there is no explicit exchange of certificates for mutual authentication.
Kindly advise.
Hello,
SSL does many things: it secures and authenticates.
For you, if you just want a secure connection, only the server must have its certificate. The client has to import the CA (certification authority) to trust the server certificate.
I think you just need to import the CA; they are included in the server certificate. It can also be the server certificate itself (in the case of a self-signed certificate).
Regards,
Guislain
Hi,
It depends on whether PI is the client or the server.
When PI is the client: no need to generate a key, just import the server CA (server CA = root and intermediate).
When PI is the server: you need to generate both (public and private). Give the public certificate to the partner (they use it to encrypt data) and keep the private one (you use it to decrypt data). And yes, you have to maintain both keys.
I hope it will help you.
Regards,
Guislain
Hi,
Thank you for your quick response.
PI is the server in this case.
Our client is saying that TLS is on account of the transport protocol - HTTPS - and there is no explicit exchange of certificates for mutual authentication.
Do we still need to give the public certificate to the partner?
I understand the latest root certificate can be searched for on the net. Where can we get the intermediate certificate?
Kindly help me with your response.
Hi,
I understand that you use one-way SSL. I agree, there is no need to exchange certificates for authentication, but the certificate contains some tools to encrypt the flow.
To trust the PI server, the client needs to have the PI server's CA certificate in the client truststore, and the easiest way is to import the public PI server certificate; from the public certificate you can export the root and intermediate certificates.
At runtime, when the client tries to establish a connection, the PI server sends its public key, and the client checks whether the CA can be trusted or not (trusted if the CA exists in the trust store); if yes, they use the tools in the certificate to encrypt the flow.
Regards,
Guislain.