cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS using SOAP and sharing certificates

Former Member

on ‎04-28-2014 9:45 AM

0 Kudos

Hi Experts,

We have been able to activate HTTPS port in our PI system and created a scenario with SOAP sender with option -- >> HTTPS without client authentication.


Now, we generated the URL from sender agreement -- >> https:<host>:<port>:XISOAPAdapter/MessageServlet?........

When we try to test this from SOAPUI, an error message is received that - Client Certificate is required.

Now in NWA, under Security - >> SSL, we could find Private key and have uploaded the same in SOAPUI Keystore... But the error persists.

Just to emphasie we are just using self-generated certificate which is not signed by any CA.

Now questions or rather confusions:

1. If PI is hosting a service ( SOAP Sender ), exactly what kind of certificate should be exported and imported into SOAPUI or third party ? Private key PK8, PK12 or simply Certificate ?? Where exactly is the Public key ?

2. In case third party hosts the service and PI needs to consume it, I assume third party will share their certificates. Will they share public or private key ? Shall we simply upload it in our key store and it will work ?

3. In case PI and Third Party both are hosting the services so do we need 2 Set of certificates for scenarios to work ? ( One generated at each server ?)

I have read blogs, discussions but have seen varying opinions and hence wanted to clarify.

Thanks..

regards,

Omkar.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Shabarish_Nair
Active Contributor
‎04-28-2014 10:42 AM
0 Kudos

Please go through this link - HTTP and SSL - SAP NetWeaver Process Integration Security Guide - SAP Library

"A general prerequisite for using HTTPS in both SAP NetWeaver Application Server (AS) ABAP and Java is that the SAP Cryptographic Library is installed on the AS. In addition, the certificates (for example an X.509 certificate) used must have been issued by a company-internal Certification Authority (CA), or by an external trusted CA such as Thawte, Verisign, or TC Trustcenter."

Show replies
Show replies
Former Member
‎04-28-2014 10:49 AM
0 Kudos

Hi Shabarish,

Thanks for the quick response...

We are using PI 7.31 and cartographic library and pre-requisites are available. Even I can see the certificate in NWA.

Question is in case PI is hosting the service, what exactly should client like SOAPUI have to make the request go through and receive the response ? Which certificates and from where should be exported from PI and imported to SOAPUI ( or any third party client).

Thanks..

regards,

Omkar.

Shabarish_Nair
Active Contributor
‎04-28-2014 11:28 AM
0 Kudos

If you are looking to test via SOAPUI - http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certifica...

Former Member
‎04-28-2014 11:58 AM
0 Kudos

Hi Shabarish,

let me try this..

But for understanding I have a question..In our scenario SOAP sender is used which means PI is the server. So we will generate certificates in PI and download Private key from NWA -- >> Certificate and keys.  We will download it in PCK12 format and this is the file we need to upload in SOAPUI or share with third party right ? Is that right ?

Thanks..

regards,

Omkar.

Former Member
‎04-29-2014 6:23 AM
0 Kudos

Hi shabarish,

I tried it.. But still error is same. - Client certificate required.

I have gone to NWA -- >> SSL, downloaded private key and uploaded it to SOAPUI as mentioned. Also added the line in bin directory.

Error persists . Any ways to troubleshoot or try ?

Thanks..

regards,

Omkar.

Ask a Question