cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need information on use of Salesforce certificate in SAP PI

Go to solution
former_member184948
Active Participant

on ‎01-19-2016 12:04 PM

0 Kudos

Dear Experts,

We are integrating Salesforce SFDC to ECC using SAP PI 7.4 dual stack.

There are few questions that I have .Please answer them.

1)For interacting with SFDC without any encryption. Do we need certificate from SFDC to be deployed in SAP PI ?

2) I've been given one .crt file by SFDC team .Will that be enough ? Because in past when I worked in Successfactors I used there website to extract three certs and deployed in NWA. So not sure if one cert from SFDC is enough?

3)SFDC resource who gave me this .crt file says its self signed Certificate. Will it be ok? or does it need to be CA authorized?

4)In anycase once we receive the right cert.Can we follow the method given in the below like to deploy the cert?

http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/01/06/how-to-load-keys-and-certificates...

5)Do I need to ask the SFDC team for the cert or I can extract it from there website ? If possible can someone guide me on that ?

Thanks in advance

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member186851
Active Contributor
‎01-19-2016 1:05 PM
0 Kudos

Hello Dilip,

1)For interacting with SFDC without any encryption. Do we need certificate from SFDC to be deployed in SAP PI ?

Yes ,you need certificates for sure.

2) I've been given one .crt file by SFDC team .Will that be enough ? Because in past when I worked in Successfactors I used there website to extract three certs and deployed in NWA. So not sure if one cert from SFDC is enough?

The same like successfactors,You can get it from the Site and deploy the same.

3)SFDC resource who gave me this .crt file says its self signed Certificate. Will it be ok? or does it need to be CA authorized?

Shoud be fine.

4)In anycase once we receive the right cert.Can we follow the method given in the below like to deploy the cert?

http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/01/06/how-to-load-keys-and-certificates...

yeah..

5)Do I need to ask the SFDC team for the cert or I can extract it from there website ? If possible can someone guide me on that ?

As answered in question 2 can extract and deploy the same.

One additional point make sure the certificate is having validity.

Show replies
Show replies
former_member184948
Active Participant
‎01-20-2016 6:23 AM
0 Kudos

Thanks Raghuraman for answering

former_member186851
Active Contributor
‎01-20-2016 6:49 AM
0 Kudos

Dilip close the thread if you query is addressed

former_member184948
Active Participant
‎02-12-2016 1:15 PM
0 Kudos

Hi Raghuraman,

the SFDC teammate gave me one crt certificate which I uploaded in NWA trusted CA.I shared with them one synch wsdl , but when he is trying to call that wsdl it gives error.

   Steps performed in sfdc:

- Created an entry in Remote site setting with correct IP and port. e.g. https://121.XX.XX.111:8082

- Generated stub/ apex classes from the SAP/ PI WSDL.

- Created a Self-Signed certificate and added it on SAP/PI server.

- While making a callout,

set clientCertName_x = 'my_certificate_name'.

set inputHttpHeaders_x = encoded_username_pwd_of_PI_server, used basic authentication.

Error:

FATAL_ERROR System.CalloutException: IO Exception: java.security.cert.CertificateException: No subject alternative names matching IP address 121.XX.XX.111:8082 found

  

Please suggest .

former_member186851
Active Contributor
‎02-12-2016 1:24 PM
0 Kudos

Hello Dilip,

If the SFDC team is making call to PI,then you should generate and upload keys in PI.

Then share PI keys to the SFDC team.

If you wish to hit the SFDC,The steps you have done are correct.

former_member184948
Active Participant
‎02-15-2016 2:20 PM
0 Kudos

Hi Raghuraman,

The flow is both ways, from SFDC to SAP and vice versa too.

I though we were only suppose to add SFDC cert to PI trusted CA.

If the SFDC team is making call to PI,then you should generate and upload keys in PI.

Then share PI keys to the SFDC team.

which keys we need to create in PI and share with SFDC? is this for authentication?

Also will we require any white-listing in PI server or trusted CA is sufficient ?

former_member186851
Active Contributor
‎02-15-2016 3:26 PM
0 Kudos

Hello Dilip,

One small confirmation, after importing the Certificate in Trusted CAs are you able to make call to SFDC?

Answers (0)

Ask a Question