cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Question on HTTPs - SSL encryption

Go to solution
former_member474221
Participant

on ‎05-12-2013 7:00 AM

0 Kudos

Hi Experts,

I understand that SSL is used to encrypt communication over internet.

Also went through the below doc for setting up SSL

http://help.sap.com/saphelp_nwpi71/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm

However I have the following conceptual questions -

When PI is the client and receiver system is HTTPS server -

1. Do we need to get the certificate from receiver and install it in the keystore in NWA Or do we need to create it in PI and then get it signed by CA

    and send to receiver

2. What about the public and private key. Should PI set up the public received by receiver somewhere in NWA

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

udo_martens
Active Contributor
‎05-13-2013 8:45 AM
0 Kudos

Hi,

When PI is the client and receiver system is HTTPS server -
1. Do we need to get the certificate from receiver and install it in the keystore in NWA Or do we need to create it in PI and then get it signed by CA
    and send to receiver
2. What about the public and private key. Should PI set up the public received by receiver somewhere in NWA

You only need to pick the servers certificate (you can pick it from a firefox-browser  typing url in) and store it at PI trusted CAs (ABAP STRUST for http adapter double stack, Java NWA for soap adapter).

/Udo

Show replies
Show replies
former_member474221
Participant
‎05-14-2013 5:34 AM
0 Kudos

Hi Udo,

Appreciate your very helpful reply.

2 more queries -

1. Once i install the Server certificate in ABAP STRUST, Don't I need to get that certificate signed by third party CA or SAP CA

2. Also once the certificate is stored in PI ....will that automatically appear in the receiver HTTP channel....Or I do not need to specify anything in the receiver channel ??

Thanks for bearing with my lack of info

udo_martens
Active Contributor
‎05-14-2013 9:09 AM
0 Kudos

Hi,

1. Once i install the Server certificate in ABAP STRUST, Don't I need to get that certificate signed by third party CA or SAP CA

no

2. Also once the certificate is stored in PI ....will that automatically appear in the receiver HTTP channel....

no

Or I do not need to specify anything in the receiver channel ??

no

/Udo

former_member474221
Participant
‎05-14-2013 10:05 AM
0 Kudos

Hi Udo,

Thanks for a quick reply.

1. If I do not specify the correct certificate entry in the receiver comm channel.  How will the interface pick up the correct certificate

2. Also when do i need to get the certificate signed by a CA....Is is when PI functions as a HTTPs server

udo_martens
Active Contributor
‎05-14-2013 10:19 AM
0 Kudos

Hi,

1. If I do not specify the correct certificate entry in the receiver comm channel.  How will the interface pick up the correct certificate

This is a complex communication during ssl hand shake. Please have a look to http://en.wikipedia.org/wiki/HTTP_Secure

2. Also when do i need to get the certificate signed by a CA....Is is when PI functions as a HTTPs server

yes

/Udo

former_member303666
Active Participant
‎05-14-2013 10:46 AM
0 Kudos

Hi,

Asper my knowledge. the server haveing 2 pairs of certificates. public and private certificates. They will share private cerificates to sap PI team. same certificates need to store in STRUST location in SAP PI system. another pair (public) of certificates installed in server side.

certificates having pairs like

private 123 (in sap pi)

Public  123 (server side)

need to store the certificates in sequential order. if not it will through peer reject error.

if wrong correct me.

Regards,

Kesava

Answers (1)

Answers (1)

Pranil1
Participant
‎05-13-2013 7:06 AM
0 Kudos

Hi Hema,

Check below blog.

It gives the step by step procedure for SSL configuration.

http://scn.sap.com/docs/DOC-26145

Regards,

Pranil.

Show replies
Show replies
Ask a Question