Dear All,

We are trying to test our scenarios(synchronous  ABAP proxy to HTTP_AAE in dual stack 7.4) by importing the third party(bank) private key(.pb12) format. this is not signed by any CA, its just generated on their server, the corresponding public key, they have maintained on their server, so far we are unsuccessful to send any request. We are convincing bank that, we will provide the CSR(certificate signing request) from our PI server and then you provide us the complete certificate(root , intermediate and public key signed by CA), but they are saying we cant provide for test environment.

Our goal is to just test our scenarios with bank using SSL/HTTPS and get response.

After reading many blogs on SCN related to SSL/HTTPS and certificates, I just want clarify the below points here.

1. Can we communicate to bank(SSL enabled) by just importing their private/public key in "TrustedCas" on nwa, without creating any SCR from our PI server? is it mandatory to create CSR on PI server, and then send to third party, then get the signed certificate from third party(CA)?
2. We are re-implementing the interfaces from SAP business connector to SAP PI, so bank is saying you can use the same certificate which we had provided for SAP BC, can we? I do not think so, I believe when we generate a CSR from one particular server, and send it to CA and get the signed certificates, then we can not use for any other server, please confirm.
3. How many certificates chain/keys exactly we required to communicates with the bank,  moreover what should be maintained on PI server, and what should be maintained on Bank server
4. Do we need to enable SSL/HTTPS on our PI server as well, I mean our PI server URL should starts with https.
5. Currently we are importing the certificates in “TrustedCas” is it correct, does HTTP_AAE receiver adapter identify the 
6. How to verify whether the certificate has the complete chain and complete to communicate with bank, also which is root certificate and which is private key
7. On HTTP_AAE receiver adapter, there is a option "Use SSL" and there is "Specify the Client certificate" under that "Keystore View and Keystore Entry" , I confused when to use only "Use SSL" only and when to use both. SAP help says

"If you want the receiver adapter to transfer data to the target system using a secure connection, select Use SSL .

If you want to authenticate the client using a client certificate, select Specify Client Certificate and specify details in the Keystore View and Keystore Entry"

We are using the bank certificate, so shall we use both or only "Use SSL" ? "Specify the Client certificate" look for the private keys only from the keystorage view.

Thanks,

Farhan