on 11-27-2015 10:43 AM
Hi All,
I have read all the blogs related to SOAP UI - SAP PI 7.4 web service scenarios with client authentication. But could not get sufficient details on which keys needs to be imported where....?
I had already seen this blog :
http://scn.sap.com/blogs/srikanthforsap/2011/01/06/soap-ui-tool--soap-https-client-authentication
But I am confused by the below statements :
Can somebody please explain what keys and certificates need to imported in SOAP UI for consuming web services. From SOAP UI I am getting the error Client Certificate required.
Thanks in advance
Sri
Hi Nick,
Sorry for the delay in replying.
I have created keystore as given in Inaki's link.
"you simply need to import the certificate chain used to sign your keypair into the TrustedCAs keystore view"
What is this certificate chain? I have a private key and Certificate after generating keypairs. I am generating CSR response for the private key in p12 format and uploading this CSR response in soapui. Certificate is copied into TrustedCA's store. Am I doing correct?
"You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account."
I have done this step too. In the sender SOAP communication channel I have given below configuration.
In the keystore entry for request I had checked with Webservicessecurity key as well.
You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account.
I have done this certificate mapping in SSL provider. Under TrustedCA's. Is it Correct?
"After I do this still get the same error. Client Certificate required"
Please guide me on this.
Regards,
Sri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sri,
This is a subject that creates enormous confusion. I thoroughly recommend reading about the fundamentals of X.509 certificates so that you understand the concepts at play here. The sender should never disclose the private key, only the public key (via the certificate) should be exchanged with PI and mapped against a user in the PI UME. To generate a key pair you can use any SSL implementation such as SAP's own implementation suggested by Inaki. You can also use a corporate PKI or a trusted 3rd-part (Verisign etc).
In the sender communication channel you only need to select HTTPS with Client Authentication assuming all related global configuration has already been performed (check thread )
In particular....
If using the Java UME I assume you have followed these steps to configure the login module and SSL access point:
You then configure certificate mapping by following these steps:
Maintaining the User's Certificate Information - Identity Management - SAP Library
Hope this helps.
Nick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I have done all the configurations as given in the above links. Let me give my scenario here.
I am creating public/private key in my system using puttygen. I created keystore in PI NWA as well. Do I need to exchange & import certificates in both SOAPUI & PI keystore (My_Keystore) (public keys from both systems i.e. from my system and PI NWA) ?
Thanks for your response.
Regards,
Sri
Hi Sri,
You won't be able to use puttygen because it only generates SSH keypairs, not SSL. Use the link suggested by Inaki to generate your keypair.
A new keystore in PI NWA is not required, you simply need to import the certificate chain used to sign your keypair into the TrustedCAs keystore view.
You then need to import your public key certificate (for the private key that you are using in SOAPUI) into the Java UME in the Certificate Mapping tab against a service account.
Provided that you have set up all of the configuration correctly that should be all.
Regards,
Nick
Hi Sri,
With the public key would be necessary for SOAPui, have you are generating this key?
Regards.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Inaki,
I generated the public key with Puttygen. Can you please let me know where this key should be placed in keystore either in TRUSTEDCA's or in my own created view.
Is there no need to export certificates from PI keystore and upload in soapui?
Also what are the values should I give for encrypting the message in SOAP Sender ICO?
Thanks
Sri
Hi Sri,
Try to use SAP tools, Creating a Key Pair and Public-Key Certificate and Signing It - System Security - SAP Library
Regards.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.