on 05-12-2013 7:00 AM
Hi Experts,
I understand that SSL is used to encrypt communication over internet.
Also went through the below doc for setting up SSL
http://help.sap.com/saphelp_nwpi71/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm
However I have the following conceptual questions -
When PI is the client and receiver system is HTTPS server -
1. Do we need to get the certificate from receiver and install it in the keystore in NWA Or do we need to create it in PI and then get it signed by CA
and send to receiver
2. What about the public and private key. Should PI set up the public received by receiver somewhere in NWA
Hi,
When PI is the client and receiver system is HTTPS server -
1. Do we need to get the certificate from receiver and install it in the keystore in NWA Or do we need to create it in PI and then get it signed by CA
and send to receiver
2. What about the public and private key. Should PI set up the public received by receiver somewhere in NWA
You only need to pick the servers certificate (you can pick it from a firefox-browser typing url in) and store it at PI trusted CAs (ABAP STRUST for http adapter double stack, Java NWA for soap adapter).
/Udo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Udo,
Appreciate your very helpful reply.
2 more queries -
1. Once i install the Server certificate in ABAP STRUST, Don't I need to get that certificate signed by third party CA or SAP CA
2. Also once the certificate is stored in PI ....will that automatically appear in the receiver HTTP channel....Or I do not need to specify anything in the receiver channel ??
Thanks for bearing with my lack of info
Hi,
1. Once i install the Server certificate in ABAP STRUST, Don't I need to get that certificate signed by third party CA or SAP CA
no
2. Also once the certificate is stored in PI ....will that automatically appear in the receiver HTTP channel....
no
Or I do not need to specify anything in the receiver channel ??
no
/Udo
Hi,
1. If I do not specify the correct certificate entry in the receiver comm channel. How will the interface pick up the correct certificate
This is a complex communication during ssl hand shake. Please have a look to http://en.wikipedia.org/wiki/HTTP_Secure
2. Also when do i need to get the certificate signed by a CA....Is is when PI functions as a HTTPs server
yes
/Udo
Hi,
Asper my knowledge. the server haveing 2 pairs of certificates. public and private certificates. They will share private cerificates to sap PI team. same certificates need to store in STRUST location in SAP PI system. another pair (public) of certificates installed in server side.
certificates having pairs like
private 123 (in sap pi)
Public 123 (server side)
need to store the certificates in sequential order. if not it will through peer reject error.
if wrong correct me.
Regards,
Kesava
Hi Hema,
Check below blog.
It gives the step by step procedure for SSL configuration.
http://scn.sap.com/docs/DOC-26145
Regards,
Pranil.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.