on 06-08-2014 5:48 AM
Experts,
I am using PO 7.31 Single Stack.
I am going to integrate with a third-party system (B2B scenario). As it is B2B, the client wants to integrate this over SSL.
We are using SOAP Communication channel at Source side.
We have shared a PI WebService to third Party and told them to send data on this endpoint.
I have changed the following things in the web service (http to https and port no. to SSL port no.).
Now, the certificate part always confuses me, so I have questions about certificates / public / private keys:
1. Who will provide the certificate, and to whom?
2. What kind of certificate will be shared across parties, such as public or private? PGP or X.509?
I have gone through many blogs, but I am still confused.
Hi Prabhat,
1. Who will provide the certificate, and to whom?
--->> Certificates are shared between both parties/systems. So PI needs to provide the PI public key to the receiver system, and the receiver system needs to provide their public key.
2. What kind of certificate will be shared across parties, such as public or private? PGP or X.509?
-->> The certificate can be X.509.
Please refer to the blog below and SAP Note 891877.
regards,
Harish
Hi Prabhat,
The private key is not shared under any circumstances. It is maintained in the system to decrypt the data encrypted with your public key.
Say, in the above scenario, you have given your public key to SystemA, so SystemA will encrypt the data with your public key and then send it to you. After you receive the data, it is decrypted using your private key.
The benefit of sharing the public key is that, in case the data sent by SystemA is received by some intruder, it cannot be decrypted, as he won't have your private key.
So always remember not to share your private key under any circumstances.
Regards
VJ
Hi Vishal,
Thanks for the comments!!!
Under which situations should we share our public keys?
I understand there could be two situations:
1. Just to handshake (just to make sure that the sender and receiver systems are genuine systems).
2. To encrypt and decrypt the data.
Please add to it, and correct me if I am wrong.
Hi Prabhat,
Public keys are shared in both scenarios: just handshake (authentication of the message sender) or encryption of data.
Only authentication scenario and no encryption:
The sender sends the message with a digital signature using its own private key ---> the receiver authenticates the message using the sender's public key.
Encryption and authentication:
The sender sends the message with a digital signature using its own private key and encrypts using the receiver's public key ---> the receiver authenticates the message using the sender's public key and decrypts using its own private key.
Hope it will clear your doubt.
regards,
Harish
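The sign-then-encrypt flow described in the reply above, shown from both sides as an added example that is not part of the original thread. It assumes Node.js and its built-in `crypto` module; the key pairs, the payload and the function names `senderPrepare` and `receiverProcess` are constructed for illustration, and the hybrid step (RSA-OAEP wrapping a one-time AES-GCM key) is an assumption added because RSA alone cannot encrypt a payload of arbitrary size.

```javascript
const crypto = require('crypto');

// Constructed key pairs standing in for the two partners. In a real landscape each
// side keeps its private key in its own keystore and hands over only the certificate.
const sender = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const receiver = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: sign with own private key, encrypt for the receiver's public key.
function senderPrepare(payload, senderPrivateKey, receiverPublicKey) {
  const data = Buffer.from(payload, 'utf8');
  const signature = crypto.sign('sha256', data, senderPrivateKey);
  // Assumption: hybrid scheme. RSA wraps a one-time AES key; AES-GCM carries the payload.
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag(), signature };
}

// Receiver: decrypt with own private key, then check the signature
// with the sender's public key.
function receiverProcess(msg, receiverPrivateKey, senderPublicKey) {
  const aesKey = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const data = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  const authentic = crypto.verify('sha256', data, senderPublicKey, msg.signature);
  return { payload: data.toString('utf8'), authentic };
}

// Constructed sample payload, sent from sender to receiver.
const msg = senderPrepare('<Order><Id>42</Id></Order>', sender.privateKey, receiver.publicKey);
console.log(receiverProcess(msg, receiver.privateKey, sender.publicKey));
```

A party holding a different private key cannot unwrap the AES key, and a message signed with any key other than the sender's comes back with `authentic: false`.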
Hi Harish!!
Counter question: let's first consider just the handshake scenario and no encryption.
Say I am using MuleSoft as the source application (web service) -> SAP PI (middleware).
Now MuleSoft has shared their public certificate with PI, and we have imported that in KeyStore and WebSecurity under trustedCA.
Now the question is: when MuleSoft is sending data to PI, do they have to add something extra to the SOAP payload to add this digital signature?