cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP adapter polling issue using certificate based authentication

Go to solution
Former Member

on ‎09-25-2013 5:15 PM

0 Kudos

Hi Experts,

I am receiving the following exception in the sender SFTP communication while polling the file.

Exception received: com.jcraft.jsch.JSchException: java.io.IOException: inputstream is closed

I am using 7.31 dual stack SP 7. The OS is Windows server 2008 64 bit

Followed this blog http://scn.sap.com/community/b2b-integration/blog/2012/08/13/sftp-adapter--installing-sftp-server-on...

Please let me know what could be the possible issue.

PS: Using password based authentication in the SFTP sender adapter i am able to successfully pick up files.

Thanks,

Sudhansu

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

nipun_shedhani4
Explorer
‎09-26-2013 5:16 PM
0 Kudos

Please create the certificate using CYGwin as per the blog by Arunachalam and follow below steps:

1. Run Command ssh at the terminal

ssh-keygen -t rsa -b 2048

This will result in generation of Private Key with name: id_rsa and public key in id_rsa.pub, on path ~/.ssh/

–t signifies that we are using RSA algorithm to generate the cipher key pair,

–b signifies that we are using 2048 bit length to create the cipher key pair

2. Once you have generated public key, paste the content of the local ~/.ssh/id_rsa.pub file into the file ~/.ssh/authorized_keys on the remote SFTP host{under a particular user name}.

3. Storing the private keys in the SAP PI, These keys are to be stored in PI NWA keys repository.

4. Convert the private key to PKCS12 format key using openSSL by running following command to convert it into X509 certificate, additional information would be required to enter:

openssl req -new -x509 -days 3650 –key id_rsa -out x509_certificate

5.Once the X509 Certificate is created run following command to generate a pkcs12 format file :

           openssl pkcs12 -export -in x509_certificate -inkey id_rsa -out sftp_new_keystore.p12

Enter a password if required, {thought here providing a password is a better practice since the P12 file contains the private key.

6. Once the PKCS12 format certificate is generated, upload this into the PI NWA repository by going to NWA->Configuration->Security->Certificates and Keys then add a view,

7. Provide view name as SFTP_KeyBasedAuth

8. In the View created above, now import and entry , and select option as PKCS#12 Key Pair, enter the file path of the P12 file created in step 1.2.3.2, Enter the password if any provided while creating the P12 file.

  1. Updating the SFTP channel with the relevant details.
  2. Update the SFTP channel in Authentication, and select Authentication method as PrivateKey,
  3. Username: The username in the Remote Host which have this corresponding public key.
  4. Private Key View: Select the view name created which is SFTP_KeyBasedAuth
  5. Private Key Entry: Select the View & the key name which was imported under the view, here in this case will be sftp_new_keystore.

That’s the configuration which is required to use the Key based Authentication.

Show replies
Show replies
Former Member
‎10-01-2013 4:10 PM
0 Kudos

Hi Nipun,

Thanks for you inputs. I have tried to exactly follow the steps provided by you.

The certificate loads successfully to NWA.

But when i on the sender CC it fails with following error:

Exception received: com.jcraft.jsch.JSchException: Auth cancel

Can you please help?

Thanks,

Sudhansu

Answers (1)

Answers (1)

Former Member
‎09-26-2013 11:46 AM
0 Kudos

Dear Experts,

Any leads in this are is highly appreciated.

Thanks,

Sudhansu

Show replies
Show replies
Ask a Question