Deploy Public Key pair Certificate in NWA

Former Member
0 Kudos

Hi,

We are developing PI Interfaces through which flat files will be sent to the client's FTP server. The client's requirement is that the data be sent in a secure way. We are using PI 7.1 EHP 1 SP05. Hence SFTP is not possible unless we upgrade to SP08, so we are proceeding further with FTPS (FTP over SSL).

For FTPS, we spoke to the client and got the Public key certificate. Now, the problem is when we try to deploy the public key certificate in the Netweaver Administrator.

I selected the key storage view TrustedCAs, and in the key storage view details, after selecting "Import Entry", there comes a pop up as below

How do we know what type of entry the client has sent to us?

Since selecting PKCS#12 key pair was giving an error as "ERROR:  -> ID21108: ASN.1 creation error: iaik.asn1.CodingException: Invalid ASN.1 object: Unknown tag class/value: 0/13", and PKCS#8 was giving errors with the selection of the certificate file, I selected X.509 certificate and imported the file. It gives an error as "ERROR:  -> iaik.asn1.CodingException: ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 106 "

Kindly refer to the public key certificate that is attached.

Please help us identify what the issue is. Thanks in advance.

Regards,

Vivek.

Accepted Solutions (1)

Private_Member_12188
Active Participant
0 Kudos

Looks like they've given you a public PGP key, I'm not certain that you can use that for SSL communication in PI (not really sure if that would work outside of PI either). 

Can you have them generate you a new certificate from their FTP server not using PGP?  They should be able to do this at the OS level.

Former Member
0 Kudos

Hi Tony,

Thanks for the reply. We have communicated the same to the client. Once we receive the newly generated certificate, we will try importing the same.

If we encounter any further errors, will update.

Regards,

Vivek.

Former Member
0 Kudos

Hi Tony,

We received a new certificate from the FTP service provider and we were able to import it successfully into NWA by mentioning the entry type as 'X.509'. We made all sorts of port openings in the firewalls to support FTPS.

From the PI OS level, telnet to the FTP server was successful via ports 21 (Control Port) and 4xxxx (Dynamic data port). But from PI, when we tried sending files to the FTP server, it throws an error "Connection Timed Out". More details on the errors are in the latest responses of this discussion.

Meanwhile, we are trying to resolve this issue by all possible ways. Hence I wanted to check whether the certificate that we received from the client is valid or not. In the content of the certificate file, there are two blocks of characters. One block is enclosed within the tags "BEGIN RSA PRIVATE KEY" and "END RSA PRIVATE KEY", the second block is enclosed within the tags "BEGIN CERTIFICATE" and "END CERTIFICATE".

Is it mandatory to have the first block (Private key) in the public key certificate? I tried importing the certificate into NWA by manually removing the first block. It was successfully imported but the error from PI did not change.

Please let me know of any information that could help me move further towards solving the problem.

Thanks and Regards,

Vivek.
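One way to answer the entry-type question from the first post and to check the two-block file described above, as an added example that is not part of the original thread: it classifies a file by its armor labels or, failing that, by its first DER byte. The function names and sample inputs are constructed for illustration; note that `-` (0x2D), the first byte of any armored file, decodes as a DER identifier to class 0, tag 13, the same values as in the quoted "Unknown tag class/value: 0/13" error.

```python
import re

# Armor labels and what each one means for a keystore import.
LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "private key (PKCS#1): must not be shared",
    "PRIVATE KEY": "private key (PKCS#8): must not be shared",
    "ENCRYPTED PRIVATE KEY": "encrypted private key (PKCS#8)",
    "PGP PUBLIC KEY BLOCK": "OpenPGP public key: not an X.509 certificate",
}
ARMOR = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def der_identifier(octet):
    """Split a DER identifier octet into (class, constructed, tag number)."""
    return octet >> 6, bool(octet & 0x20), octet & 0x1F

def classify(data):
    """Describe each object found in a key or certificate file."""
    labels = [m.decode() for m in ARMOR.findall(data)]
    if labels:
        return [LABELS.get(name, "unrecognised armor: " + name) for name in labels]
    if not data:
        return ["empty file"]
    cls, constructed, tag = der_identifier(data[0])
    if (cls, constructed, tag) == (0, True, 16):
        return ["binary DER SEQUENCE: X.509, PKCS#8 or PKCS#12; needs a DER parser"]
    return ["neither armored nor DER (class %d, tag %d)" % (cls, tag)]

# Constructed samples: the bodies are placeholders, not real key material.
PGP_SAMPLE = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBFake\n-----END PGP PUBLIC KEY BLOCK-----\n"
BUNDLE_SAMPLE = (b"-----BEGIN RSA PRIVATE KEY-----\nMIIFake\n-----END RSA PRIVATE KEY-----\n"
                 b"-----BEGIN CERTIFICATE-----\nMIIFake\n-----END CERTIFICATE-----\n")
DER_SAMPLE = bytes([0x30, 0x82, 0x03, 0x55])

if __name__ == "__main__":
    for name, blob in [("pgp", PGP_SAMPLE), ("bundle", BUNDLE_SAMPLE), ("der", DER_SAMPLE)]:
        print(name, classify(blob))
    # '-' is what a DER parser sees first when handed an armored file.
    print(der_identifier(ord("-")))
```

On a real file the call is `classify(open(path, "rb").read())`; a file that reports a private key block alongside the certificate means the sender's key material has left their server.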

Private_Member_12188
Active Participant
0 Kudos

One of the ways you can test out the FTPS process is by downloading a third party FTP program (e.g. WinSCP), install the certificates locally to your PI app server and try to connect that way.  That should help you determine if the issue is with the certificate or somewhere else.

Check out the following documents.  The first one I wrote when we were having issues with FTPS and PI 7.1.  The very first part will show you how to determine if your cert is valid and has the full certificate chain.

Former Member
0 Kudos

Hi Tony,

Thanks much for the response. I went through your blog and tried installing the certificate in Windows; I got the same security warning pop-up as you have mentioned.

Now, will the FTP service provider provide me the CA root certificate also? I guess the certificate that we received is a self-signed one.

If I get one, then I have to import both the CA root cert as well as the Public key cert into the Trusted CAs keystore view. Are there any other configurations that I have to do on the NWA, other than importing these certificates?

In your blog, point #2


2. For FTPs PI 7.1 can only use Explicit Encryption! You will need to work with your third party vendor to have their FTPs server setup to use Implicit Encryption for your connection.

Should the FTP server be set up to use implicit encryption? I think they have set up Explicit Encryption. Please clarify.

We have our PI installed on a Unix server. Will I be able to run WinSCP from Unix? I connected to the FTP server from a different PC which is outside the firewall using the WinSCP client, and was able to drop files in the server.

In the blog, it has been mentioned


Under command Order there is a Use x.509 Certificate for Client Authentication tick box. (select that on)

Keystore = TrustedCAs (select this from the value list)

x.509 Certificate and private key = TrustedCAs – Newly Imported Certificate

but we are unable to get the certificates that we added in the Trusted CAs.

In the blog by Rajasekhar Reddy, it is mentioned that the necessary configurations are to be made in the SAP J2EE Engine Administrator and Visual Administrator. I have access only to the Netweaver Administrator. When I checked with the Basis about this, they told me that these configurations are for Windows server and not Unix. Hence, all the configurations are to be made from NWA. I hope we were using Visual Admin for older versions, and now we use only Netweaver Administrator. Please let me know whether I am right.

Rajasekhar has also mentioned in his blog about the enabling of the 'Use X.509 Certificate for client authentication' check box in the Channel configuration. He has selected a standard service_ssl keystore view; will this be of any help? Shouldn't we select the certificate that we just imported in Trusted CAs?

We couldn't see Trusted CAs listed here, and one more thing is that this list shows only Private keys from the keystore, whereas my entry type is displayed as 'Certificate' in the keystore.

Thanks & Regards,

Vivek.

Answers (1)

Former Member
0 Kudos

Hi Vivek,

My client has provided me a .pfx file and when I am trying to import it in TrustedCA, it's giving an error as

"ERROR:  -> ID21108: ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 59."

Please let me know the solution that worked in your case.

Thanks,

Nida Fatima