cancel
Showing results for 
Search instead for 
Did you mean: 

Where to Import Clients SSL certificate for HTTP_AAE

arijit_mukherjee2
Participant
0 Kudos

Hello Experts,

We have one scenario where we need to post HTTPS message to one of our partner using SSL. We are using HTTP_AAE receiver adapter as we are connecting the partners HTTPS system from our PI single stack system.Earlier in dual stack PI, we used to upload the partners SSL certificates to "CLIENT_ICM_SSL_XXXXX" to connect. However we had to Export the view to PSE as the HTTP adapter resides in ABAP stack in dual stack system.

My queries are as below:

1)Do we need to import the SSL certificates to TrustedCAs as we are using single stack system?

2)At receiver HTTP_AAE channel,I checked the option "Use SSL". But how do I specify the client certificate if we use TrustedCAs as that option is not available?

3)The last thing I'm confused is that even if I do not import any certificate to KeyStore,I can not see any error message in channel monitoring however our partner says that they did not receive any message.

Appreciate your help and feedback!!!

Thanks,

Arijit

Accepted Solutions (1)

Accepted Solutions (1)

arijit_mukherjee2
Participant
0 Kudos

Hi,

It worked while I imported the clients certs in to the Trusted CAs

Former Member
0 Kudos

Hello Arijit Mukherjee,

I have the same requirement to import the private keys provided by third party bank, and I am using receiver HTTP_AAE adapter and using the imported keystorage view and and keystorage entry. I have also imported in Trusted CAs, but its throwing error for me.

Could you please help me,Please see the below thread which I have opened. Please help me.

Thanks,

Farhan

minal_vaidya2
Explorer
0 Kudos

Hello Arijit

Could you please provide details on the solution you applied to make this work?


--> It worked while I imported the clients certs in to the Trusted CAs

Here by client certificate do you mean receiver system's certificates ?


I am working on similar scenario where we need to move HTTPS ABAP stack SM59 connections to HTTP_AAE.

Do we need to upload "Client" i.e. PI systems certificates anywhere in NWA?


Receiver system that I am trying to connect with HTTP_AAE receiver adapter doesn't have any Root, Intermediate certificates in test environment. Are these mandatory for HTTP_AAE SSL to work ?

SM59 in ABAP stack works just fine without these certificates.


Thanks in advance!

minal_vaidya2
Explorer
0 Kudos

Just an update. Connection is working properly now. There was no chain certificates same certificate was added as client and as CA in keystore.

Answers (2)

Answers (2)

smavachee
Active Contributor
0 Kudos

Ref below help link for step by step procedure for Configuring the Java HTTP Adapter on the Receiver Channel.

Configuring the Java HTTP Adapter on the Receiver Channel - HTTP_AAE

Suggested document by Venkata is good one and graphical presentation will be helpful.

Hope it helps.!

Regards,

Sunil

Former Member
0 Kudos
arijit_mukherjee2
Participant
0 Kudos

Hi Venkat,

Thanks for your reply. I have already seen that link and our systems SSL is activated already. I am just asking about the exact keystore view where my clients certificates to be imported which is required to connect their HTTPS system.

Regards,

Arijit

former_member184720
Active Contributor
0 Kudos

Hi Arijit -

1)Do we need to import the SSL certificates to TrustedCAs as we are using single stack system?

>>>> if your client requires private key authentication and provided you with they key then Yes. else it is not mandatory.

2)At receiver HTTP_AAE channel,I checked the option "Use SSL". But how do I specify the client certificate if we use TrustedCAs as that option is not available?

>>>>You can import the private keys(your client certificates) into trusted CA's and use it HTTP_AAE adapter. If it not showing the trusted key's may be the import was incorrect.  If you can find the private key under Trusted CA"s view then your channel will display it.

Follow the below blog

http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/01/06/how-to-load-keys-and-certificates...

3)The last thing I'm confused is that even if I do not import any certificate to KeyStore,I can not see any error message in channel monitoring however our partner says that they did not receive any message

>>> Your receiver might be rejecting the messages from PI as it's not authenticated(not using private key). You can make use of  the below tool to monitor the traffic.

http://scn.sap.com/people/stefan.grube/blog/2007/03/29/troubleshooting-soap-http-and-mail-adapter-sc...