cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP ERP MSS/ESS HTTPS integratio

Go to solution
former_member404908
Explorer

on ‎03-13-2016 5:01 PM

0 Kudos

Dear Experts,

I am doing a configuration between a SAP Portal 7.4 and ERP 7.4.

That's fine, they're working fine with Assertion Tickets, now I need to configure them to communicate through HTTPS when I access the MSS and ESS places on Portal.

But when I get the configuration done, Internet Explorer is requestsing ERP Certificate.

1 - Can you guys give me a guess of what is going on?

2 - The point is HOW can I export a trusting certificate from my AS ABAP to install it on Internet Explorer?

3 - Is there any other way to make Portal and ECC communicate each other?

4 - To add some more information, the point is that I want to secure all cookies from SAP Note 2068872 because some of the cookies are non secure, check response from Internet Explorer:

Cookies:

Name    Active
Value    true
Host    xxx.xxx.xxx.xxx
Path    /sap/bc/webdynpro/sap/
Expires    Sun, 31 Dec 2017 23:59:59 GMT
Secure    No
HttpOnly    No

Name    PortalAlias
Value    portal
Host   xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Name com.sap.engine.security.authentication.original_application_url
Value    GET#IasJ9ucheCWkMntNENGea%2FzIoe7AUMztJ31HsQ7AffWnOwn2aGgBbEAI4s6vbv7dAH%2BKK8BF%2BzA4bosTQVI%2FtgUZCM7adrYF
Host    xxx.xxx.xxx.xxx
Path    /irj
Expires    At end of session
Secure    No
HttpOnly    Yes

Name    sap-login-XSRF_HRQ
Value    20160202130827-PX-yJKfOyst97polIsY-6A%3d%3d
Host   xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    Yes

Name    sap-usercontext
Value    sap-client=###
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Name    saplb_*
Value    (J2EE17040520)17040550
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Name    JSESSIONID
Value 8Hg9bcPV-ERv9PpoE-A0I2hENB-iUgGmBAQB_SAPWtrkPoC4O6nQYqv2Pm03bHfm
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Name    JSESSIONMARKID
Value    yaPAwQJC5O3TzM-_5NXqby8vZGWq46brvCLKYEBAE
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Name    MYSAPSSO2
Value    AjExMDAgAA5wb3J0YWw6UFMuR1NFQ4gAC3VpZHB3ZGxvZ29uAQAHUFMuR1NFQwIAAzAwMAMAA0VQUQQADDIwMTYwMjAyMTMxNQUABAAAAAgKAAdQUy5HU0VD%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNFUEQxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE2MDIwMjEzMTUwMFowIwYJKoZIhvcNAQkEMRYEFC9YARw%2FfWcxabljnmQOhE2fZ6n5MAkGByqGSM44BAMELzAtAhQ4wV9UthGGnmFYwESNoyqT24SfWQIVAMohCvBQ4oUDCOBH47BWWVWzRGIK
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    Yes

Name    SAP_SESSIONID_SID_###
Value    pu3Sr8B9G91Hi15qfNTKDHFLhXLJrxHluMQAUFaBGCM%3d
Host    xxx.xxx.xxx.xxx
Path    /
Expires    At end of session
Secure    No
HttpOnly    No

Best regards,

Gabriel

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member185239
Active Contributor
‎03-14-2016 9:46 AM
0 Kudos

Hi Gabriel,

You are faing this issue as you are using a SSL for SSO.

You have to open the system object for the corresponding backend system and there you need to change the protocol from HTTPS to HTTP and this will work.

If you want to use SSL , then you need to import the certificates signed by CA.

With Regards

Ashutosh Chaturvedi

Show replies
Show replies
former_member404908
Explorer
‎03-16-2016 12:05 PM
0 Kudos

Ashutosh,

Yes, that's the point, I want to use SSL, now how to get the CA Certificate?

Any helpful guide?

Best regards,

Gabriel

former_member185239
Active Contributor
‎03-16-2016 2:11 PM
0 Kudos

Hi Gabriel,

Are you using Web dispatcher?

Configuring the SSL Key Pair and Trusted X.509 Certificates - Network and Transport Layer Security -...

Check the following rows in the link

1. Create new key pair entry to use for SSL

2. Generate a certificate signing request:

With Regards

Ashutosh Chaturvedi

Answers (1)

Answers (1)

Former Member
‎03-14-2016 9:17 AM
0 Kudos

Hello Gabriel,

Please check below thread and see if any step has been missed at your end:

Thanks.

Best Regards,

Anita

Show replies
Show replies
former_member404908
Explorer
‎03-17-2016 6:08 PM
0 Kudos

Hi Anita,


Thank you for reply.


Besides signing it with logon tickets, I want to secure connections through HTTPS and I've found that one way to secure logon is through SSL connection but I am failing to accomplish it because when Portal calls ESS/MSS Services from R/3 backend it requests a certificate because it is calling R/3 throug HTTPS protocol.

That's the point.

So Internet Explorer is asking for a trusted Certificate from my R/3 system but I am not pretty sure how to get a Trust Certificate.

Also I am not able to figure if there is another way of securing connection through HTTPS between Portal and R/3 if not by SSL...

Best regards,

Gabriel

Ask a Question