cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP adapter setup in PI 7.11

Former Member

on ‎06-17-2015 1:59 PM

0 Kudos

Hello Colleagues,

We have experience with setting up end to end AS2, FTPS scenarios in our PI system including the setup of certificates.

First of all, we have successfully installed the latest SFTP adapter 1004_2 in our PI system. The KBA guide is clear but we are having troubles in the configuration specifically the SSH keys and certificates to be installed. We are following the guide in

"http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/305eeb5b-81e7-2f10-d8aa-9216de04c..." FYI. Here are

our inquiries

1) It was mentioned in the guide to First convert the PI X.509

certificate into SSH based public key. We have done the OPenssl and

convertion to SSH. Prior to this, we have generated a key pair in NWA.

But there is no mention in the guide to upload something in NWA

keystore after we have done the convertions. Are we supposed to upload

the .ssh.pkey that we have converted? Also, we tried to upload this and

it seems that only .p12 is accepted in nwa. Are we supposed to convert

the .ssh.pkey that we have produced? this can be found on the page 6 of

your guide

2) In the guide it states to import in the 'sftp server' the

certificates. However in my BASIS experience, we only import

certificates in NWA keystore and not on the actual server itself.

Moreover, the configuration of PI is getting and referencing on the NWA

keystore and they cannot point their configuration in their

communication channel in a path located in the server.

3) We have also referenced to

guide "http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2" . But also, your guide states to import keys on

the actual SFTP server. how can PI get this certificate on their

configuration?

4) Also in mentioning the SFTP server in the system, does this mean to import the certificate in the PI server  or the server of our partner?

So basically, how can we proceed with this bearing in mind that the

certificates should be uploaded in NWA keystorage? Hoping for your

knind help. We installed this component so that we can communicate with

the 3rd party that is integral to our business process.

Hoping for your help

Meinard

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member184720
Active Contributor
‎06-17-2015 3:51 PM
0 Kudos

There are two types of authentication. Basic and Private key based.

All the steps that you were referring to are applicable onlywhen you choose "key based" authentication.

>>>It was mentioned in the guide to First convert the PI X.509

certificate into SSH based public key. We have done the OPenssl and

convertion to SSH. Prior to this, we have generated a key pair in NWA.

But there is no mention in the guide to upload something in NWA

keystore after we have done the convertions. Are we supposed to upload

the .ssh.pkey that we have converted? Also, we tried to upload this and

it seems that only .p12 is accepted in nwa. Are we supposed to convert

the .ssh.pkey that we have produced? this can be found on the page 6 of

your guide

You don't need to import the public key into PI NWA but you'll have to copy this on to your SFTP server

>>>2) In the guide it states to import in the 'sftp server' the

certificates. However in my BASIS experience, we only import

certificates in NWA keystore and not on the actual server itself.

Moreover, the configuration of PI is getting and referencing on the NWA

keystore and they cannot point their configuration in their

communication channel in a path located in the server.

May be you misunderstood here. The blog suggests you to import the Public key(after converting the PI certificate) on to SFTP server but nothing into PI NWA.

>>>4) Also in mentioning the SFTP server in the system, does this mean to import the certificate in the PI server  or the server of our partner?

Import the public key into server of your partner.

Show replies
Show replies
Ask a Question