
SOAP Receiver Channel Certificate Issue

former_member194011
Participant
0 Kudos

Dear SDNers,

We are trying to interact with a 3rd party webservice which uses SSL & X.509 WS-Security using a SOAP receiver channel.

Public Key of the webservice is deployed in PI and PI private key has been shared with the 3rd party. HTTPS port is enabled on PI.

  • In the channel, enabled option "Select Security Profile" with "Web Services Security"
  • In ICO, Security Procedure (Request) = "Encrypt" but while selecting the certificate for encryption the 3rd party public key is not visible in the value list though it is successfully deployed in NWA. We have observed that KeyIdentifier is missing in the certificate.
  • We tried a workaround by downloading the certificates from the web service website and deploying them in NWA. But we are now encountering the below error.

Please can you provide helpful suggestions?

Accepted Solutions (0)

Answers (6)

former_member194011
Participant
0 Kudos

We have tried re-importing the certificates from the 3rd party website again but now we are encountering the below error.

Nothing else was modified.

Any pointers would be really helpful.

Regards,

Kiran

Former Member
0 Kudos

Hi Kiran,

Restart your communication channel once and resend the message from PI.

Also, check with third party system if they have installed the certificate properly.

Regards,

Pranav

former_member194011
Participant
0 Kudos

Small correction...

  • Public Key of the webservice is deployed in PI and PI "Public" key has been shared with the 3rd party. HTTPS port is enabled on PI.


Our PI version is 7.30 Single Stack on SP 11


We have deployed the certificates in TrustedCA in NWA

JaySchwendemann
Active Contributor
0 Kudos

If I understand you correctly, you want to consume a 3rd party WS that uses client certificates for authentication.

If that's the case you need to check / provide 2 things:

  1. Your PI system must trust the 3rd party server. If the 3rd party server's endpoint address presents a certificate that is signed by a well-known certification authority (a so-called CA) like Thawte or Verisign you probably are good on this side. If it presents a self-signed certificate or a certificate signed by a non-trusted CA you must either import the server certificate to your PI or import the CA's root certificate to TrustedCAs.
  2. You need to create a client certificate on your PI and send a CSR to the 3rd party for signing. You will get back a client certificate you need to import to your SAP PI keystore. You then use option "View Certificate Authentication" in channel and provide keystore data.

See here (also provided by Harish) for a better understanding of SSL on Soap receiver channel:

To troubleshoot, increase the log level or, even better, use XPI Inspector with template 50, giving your receiver channel name.

HTH

Cheers Jens

former_member194011
Participant
0 Kudos

Hi Jens,

We have deployed the certificates from the 3rd party website so I think we are good with step 1.

Step 2: Public key (certificate) is generated in PI and sent to 3rd party. Public Key certificate of 3rd party is deployed in PI keystore. In SOAP receiver channel under "View certificate authentication" only private keys are visible in value list.

We did this in channel & ICO:

  • In the channel, enabled option "Select Security Profile" with "Web Services Security"
  • In ICO, Security Procedure (Request) = "Encrypt" but while selecting the certificate for encryption the 3rd party public key is not visible in the value list though it is successfully deployed in NWA. We have observed that KeyIdentifier is missing in the certificate.

Still we see the below error.

Thanks & Regards

Kiran

iaki_vila
Active Contributor
0 Kudos

Hi Kiran,

Have you restarted the ICM instance after the certificate installation?

Regards.

Harish
Active Contributor
0 Kudos

Hi Kiran,

Public Key of the webservice is deployed in PI and PI private key has been shared with the 3rd party. HTTPS port is enabled on PI.


AFAIK - PI will share the public key and private key will not be shared.


Please check the below thread



regards,

Harish

suman_saha
Contributor
0 Kudos

Hi,

Have you followed the steps as mentioned in

Suman