on 02-12-2014 11:21 AM
Hello Experts,
We have one scenario where we need to post HTTPS message to one of our partner using SSL. We are using HTTP_AAE receiver adapter as we are connecting the partners HTTPS system from our PI single stack system.Earlier in dual stack PI, we used to upload the partners SSL certificates to "CLIENT_ICM_SSL_XXXXX" to connect. However we had to Export the view to PSE as the HTTP adapter resides in ABAP stack in dual stack system.
My queries are as below:
1)Do we need to import the SSL certificates to TrustedCAs as we are using single stack system?
2)At receiver HTTP_AAE channel,I checked the option "Use SSL". But how do I specify the client certificate if we use TrustedCAs as that option is not available?
3)The last thing I'm confused is that even if I do not import any certificate to KeyStore,I can not see any error message in channel monitoring however our partner says that they did not receive any message.
Appreciate your help and feedback!!!
Thanks,
Arijit
Hi,
It worked while I imported the clients certs in to the Trusted CAs
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Arijit Mukherjee,
I have the same requirement to import the private keys provided by third party bank, and I am using receiver HTTP_AAE adapter and using the imported keystorage view and and keystorage entry. I have also imported in Trusted CAs, but its throwing error for me.
Could you please help me,Please see the below thread which I have opened. Please help me.
Thanks,
Farhan
Hello Arijit
Could you please provide details on the solution you applied to make this work?
--> It worked while I imported the clients certs in to the Trusted CAs
Here by client certificate do you mean receiver system's certificates ?
I am working on similar scenario where we need to move HTTPS ABAP stack SM59 connections to HTTP_AAE.
Do we need to upload "Client" i.e. PI systems certificates anywhere in NWA?
Receiver system that I am trying to connect with HTTP_AAE receiver adapter doesn't have any Root, Intermediate certificates in test environment. Are these mandatory for HTTP_AAE SSL to work ?
SM59 in ABAP stack works just fine without these certificates.
Thanks in advance!
Ref below help link for step by step procedure for Configuring the Java HTTP Adapter on the Receiver Channel.
Configuring the Java HTTP Adapter on the Receiver Channel - HTTP_AAE
Suggested document by Venkata is good one and graphical presentation will be helpful.
Hope it helps.!
Regards,
Sunil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
Go through the below link for steps .
Regards
Venkat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arijit -
1)Do we need to import the SSL certificates to TrustedCAs as we are using single stack system?
>>>> if your client requires private key authentication and provided you with they key then Yes. else it is not mandatory.
2)At receiver HTTP_AAE channel,I checked the option "Use SSL". But how do I specify the client certificate if we use TrustedCAs as that option is not available?
>>>>You can import the private keys(your client certificates) into trusted CA's and use it HTTP_AAE adapter. If it not showing the trusted key's may be the import was incorrect. If you can find the private key under Trusted CA"s view then your channel will display it.
Follow the below blog
3)The last thing I'm confused is that even if I do not import any certificate to KeyStore,I can not see any error message in channel monitoring however our partner says that they did not receive any message
>>> Your receiver might be rejecting the messages from PI as it's not authenticated(not using private key). You can make use of the below tool to monitor the traffic.
User | Count |
---|---|
83 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.