cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP PI 7.4 - SOAP UI Soap Sender

Former Member

on ‎11-27-2015 10:43 AM

0 Kudos

Hi All,

I have read all the blogs related to SOAP UI - SAP PI 7.4 web service scenarios with client authentication.  But could not get sufficient details on which keys needs to be imported where....?

I had already seen this blog :

http://scn.sap.com/blogs/srikanthforsap/2011/01/06/soap-ui-tool--soap-https-client-authentication

But I am confused by the below statements :

  • Private Key enabled certificate loaded into sending party’s key store & linked to your scenario;
  • Private Key is shared with PI consultant;
  • Public Key enabled certificate shared with PI consultant;

Can somebody please explain what keys and certificates need to  imported in SOAP UI for consuming web services.  From SOAP UI I am getting the error Client Certificate required.

Thanks in advance

Sri

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎12-04-2015 8:46 AM
0 Kudos

Hi Nick,

Sorry for the delay in replying.

I have created keystore as given in Inaki's link.

"you simply need to import the certificate chain used to sign your keypair into the TrustedCAs keystore view"


What is this certificate chain? I have a private key and Certificate after generating keypairs. I am generating CSR response for the private key in p12 format and uploading this CSR response in soapui. Certificate is copied into TrustedCA's store. Am I doing correct?


"You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account."


I have done this step too. In the sender SOAP communication channel I have given below configuration.


In the keystore entry for request I had checked with Webservicessecurity key as well.



You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account.


I have done this certificate mapping in SSL provider. Under TrustedCA's. Is it Correct?


"After I do this still get the same error. Client Certificate required"


Please guide me on this.


Regards,

Sri


Show replies
Show replies
Former Member
‎11-30-2015 6:17 AM
0 Kudos

Hi Sri,

This is a subject that creates enormous confusion. I thoroughly recommend reading about the fundamentals of X.509 certificates so that you understand the concepts at play here. The sender should never disclose the private key, only the public key (via the certificate) should be exchanged with PI and mapped against a user in the PI UME. To generate a key pair you can use any SSL implementation such as SAP's own implementation suggested by Inaki. You can also use a corporate PKI or a trusted 3rd-part (Verisign etc).

In the sender communication channel you only need to select HTTPS with Client Authentication assuming all related global configuration has already been performed (check thread )

In particular....

If using the Java UME I assume you have followed these steps to configure the login module and SSL access point:

Using X.509 Client Certificates on the AS Java - User Authentication and Single Sign-On - SAP Librar...

You then configure certificate mapping by following these steps:

Maintaining the User's Certificate Information - Identity Management - SAP Library

Hope this helps.

Nick

Show replies
Show replies
Former Member
‎11-30-2015 6:58 AM
0 Kudos

Hi,

I have done all the configurations as given in the above links.  Let me give my scenario here.

I am creating public/private key in my system using puttygen. I created keystore in PI NWA as well. Do I need to exchange & import certificates in both SOAPUI & PI keystore (My_Keystore) (public keys from both systems i.e. from my system and PI NWA) ?

Thanks for your response.

Regards,

Sri

Former Member
‎12-01-2015 12:47 AM
0 Kudos

Hi Sri,

You won't be able to use puttygen because it only generates SSH keypairs, not SSL. Use the link suggested by Inaki to generate your keypair.

A new keystore in PI NWA is not required, you simply need to import the certificate chain used to sign your keypair into the TrustedCAs keystore view.

You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account.

Provided that you have set up all of the configuration correctly that should be all.

Regards,

Nick

iaki_vila
Active Contributor
‎11-27-2015 11:22 AM
0 Kudos

Hi Sri,

With the public key would be necessary for SOAPui, have you are generating this key?

Regards.

Show replies
Show replies
Former Member
‎11-27-2015 11:27 AM
0 Kudos

Hi Inaki,

I generated the public key with Puttygen. Can you please let me know where this key should be placed in keystore either in TRUSTEDCA's or in my own created view.

Is there no need to export certificates from PI keystore and upload in soapui?

Also what are the values should I give for encrypting the message in SOAP Sender ICO?

Thanks

Sri

iaki_vila
Active Contributor
‎11-27-2015 11:35 AM
0 Kudos

Hi Sri,

Try to use SAP tools, Creating a Key Pair and Public-Key Certificate and Signing It - System Security - SAP Library

Regards.

Former Member
‎11-30-2015 5:22 AM
0 Kudos

Hi Inaki,

Thanks for your reply. Will check it and update.

Regards,

Sri

Ask a Question