cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTP with SSL (= HTTPS), but without client authentication

Go to solution
Former Member

on ‎03-22-2013 3:23 PM

0 Kudos

Hi,

I have this scenario  Soap-->PI-->Ecc(IDoc)

the interface works good with just HTTP.  and now I wanted to use  "HTTP with SSL (= HTTPS), but without client authentication."

the sender installed SSL certificate on sender server.

so now, what all activity an PI developer do(on ID; integration directoy)? and what all activities as Basis admin do on PI system side?

i have seen lots of disscussions and blogs; its kind of overwhelming. can somebody tell me simple, specific terms.

Thanks.

Prema

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

nabendu_sen
Active Contributor
‎03-22-2013 4:15 PM
0 Kudos

Hi Prema,

Please find the below threads, let us know anything else if you want to know (anything specific).

https://scn.sap.com/thread/2100000

http://scn.sap.com/thread/3302097

Regards,

Nabendu.

Show replies
Show replies
Former Member
‎03-22-2013 4:37 PM
0 Kudos

Thanks Nabendu;

This means, as PI developer, i dont have to do anything other than selecting "HTTP with SSL (= HTTPS), without client authentication."   in Communication Channel.   and rest installation n keystore stuff is done by basis?

nabendu_sen
Active Contributor
‎03-22-2013 4:50 PM
0 Kudos

Hi Prema,

You are right.

Answers (1)

Answers (1)

Former Member
‎03-22-2013 4:55 PM
0 Kudos

Prema,

You need to co-ordinate with your Basis security team & Basis team to get a X.509 signed certificate.

  1. Login to NetWeaver Administrator and go to Configuration management ->Security->Certificate & Keys
  2. Creaea view using add View button. Add Keystore view details by details like Algorithm as RSA, Keylenth as 1024, Valid date(To & From), Select Country, Click on Finish. You will see one private & public key certificae. Click on export to PSE button & save public & provate key to PSE file.

         Copy the PSE file to sec directories to each of the instances DI.

  C.   Go to Home & Identity management. Define role Select Role in the Search Criteria drop-down    

          box, and then click the Create Role button. Give the unique name & click on assigned actions

          button.view-actions.all.all”, “entry-actions.all.all  and WSSecurityProcessing & click add.

          Add Users as PIAFUSER & PIISUSER

Public key certificate should be should be signed by CA & send to the third party using SOAP to upload on their server. 

You also need to generate the certificate signing request(CSR), for this select the keystore view & select yur private key & clcik on generate CSR request button & dwnload on local system & get it signed by CA & then upload on PI server.

Once the certificate is installed on Pi server,  you need to configure Integration directory with slect the correct keyStore Entry & view name created in the above steps in sender agreement & same values in sender channel. You need to restart the comminication channel to take the affect.

In production some times we need to bounce web dispatcher

Hope thiswill helo you.

Regards,
Ashish

Show replies
Show replies
Ask a Question