on 06-17-2015 1:59 PM
Hello Colleagues,
We have experience with setting up end to end AS2, FTPS scenarios in our PI system including the setup of certificates.
First of all, we have successfully installed the latest SFTP adapter 1004_2 in our PI system. The KBA guide is clear but we are having troubles in the configuration specifically the SSH keys and certificates to be installed. We are following the guide in
"http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/305eeb5b-81e7-2f10-d8aa-9216de04c..." FYI. Here are
our inquiries
1) It was mentioned in the guide to First convert the PI X.509
certificate into SSH based public key. We have done the OPenssl and
convertion to SSH. Prior to this, we have generated a key pair in NWA.
But there is no mention in the guide to upload something in NWA
keystore after we have done the convertions. Are we supposed to upload
the .ssh.pkey that we have converted? Also, we tried to upload this and
it seems that only .p12 is accepted in nwa. Are we supposed to convert
the .ssh.pkey that we have produced? this can be found on the page 6 of
your guide
2) In the guide it states to import in the 'sftp server' the
certificates. However in my BASIS experience, we only import
certificates in NWA keystore and not on the actual server itself.
Moreover, the configuration of PI is getting and referencing on the NWA
keystore and they cannot point their configuration in their
communication channel in a path located in the server.
3) We have also referenced to
guide "http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2" . But also, your guide states to import keys on
the actual SFTP server. how can PI get this certificate on their
configuration?
4) Also in mentioning the SFTP server in the system, does this mean to import the certificate in the PI server or the server of our partner?
So basically, how can we proceed with this bearing in mind that the
certificates should be uploaded in NWA keystorage? Hoping for your
knind help. We installed this component so that we can communicate with
the 3rd party that is integral to our business process.
Hoping for your help
Meinard
There are two types of authentication. Basic and Private key based.
All the steps that you were referring to are applicable onlywhen you choose "key based" authentication.
>>>It was mentioned in the guide to First convert the PI X.509
certificate into SSH based public key. We have done the OPenssl and
convertion to SSH. Prior to this, we have generated a key pair in NWA.
But there is no mention in the guide to upload something in NWA
keystore after we have done the convertions. Are we supposed to upload
the .ssh.pkey that we have converted? Also, we tried to upload this and
it seems that only .p12 is accepted in nwa. Are we supposed to convert
the .ssh.pkey that we have produced? this can be found on the page 6 of
your guide
You don't need to import the public key into PI NWA but you'll have to copy this on to your SFTP server
>>>2) In the guide it states to import in the 'sftp server' the
certificates. However in my BASIS experience, we only import
certificates in NWA keystore and not on the actual server itself.
Moreover, the configuration of PI is getting and referencing on the NWA
keystore and they cannot point their configuration in their
communication channel in a path located in the server.
May be you misunderstood here. The blog suggests you to import the Public key(after converting the PI certificate) on to SFTP server but nothing into PI NWA.
>>>4) Also in mentioning the SFTP server in the system, does this mean to import the certificate in the PI server or the server of our partner?
Import the public key into server of your partner.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.