
JVM - keystore - cacert file vs. NWA - key storage - TrustedCAs

Former Member
0 Kudos

Hello,

Could anybody clarify in detail when we should add certificates as trusted to the JVM keystore (the cacerts file) and when we should add them to the "TrustedCAs" key storage view in NWA? This would be especially interesting for me for an SAP PI system (see communication channels with different adapters: JMS, HTTPS, SOAP, etc.).

Thanks in advance!

Accepted Solutions (0)

Answers (1)

nitindeshpande
Active Contributor
0 Kudos

Hello Dezso,

Certificates added to the TrustedCAs are used for authenticating the transport between your PI system and the 3rd party when using HTTPS, i.e., through SSL. This is for transport-level security.

A separate keystore view is usually created if you want to sign the message and use HTTP authentication. Usually this is done using the private key. This is known as message-level security.

This does not change based on the adapters. For all the adapters it is the same functionality.

Regards,

Nitin

Former Member
0 Kudos

Hi Nitin,

Thanks a lot for the answer, but I would like to know when we should use the cacerts file (OS level) of Java to save trusted certificates, and why it is not enough to save them in the key storage (TrustedCAs) view of NWA in such a case.

Br,

Dezső

bhavesh_kantilal
Active Contributor
0 Kudos
  • If you use any Adapters of PI to connect to an SSL Connection, you add the Certificate to the TrustedCAs in the SAP Keystore. This is because the Adapters look at the Keystore of SAP for any Connection Validations.
  • If you end up writing custom Java Code to perform an HTTP(S) connection, then the cacerts of your JVM is used for the SSL Connection, as this is a direct connection from your Java Code which is getting executed within your JVM.
  • I have never in my experience had to use the cacerts of the JVM until I do a direct connection from my UDF, and this has been for very, very specific and custom coding. In all likelihood, 99% of connections use the PI Adapters and hence the SAP Keystore.

Regards

Bhavesh
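
The distinction drawn in the last answer can be checked from the JVM side. The following is an added example, not code from the thread or from SAP: it lists the trust anchors that plain JSSE code (such as a direct HTTPS call from custom Java) uses when it supplies no SSLContext of its own, so you can confirm whether a given CA is in the JVM trust store rather than only in the NWA TrustedCAs view. The class name `JvmTrustCheck` and the search argument are assumptions for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class (not part of SAP PI or the thread).
public class JvmTrustCheck {

    // Trust anchors used by default JSSE connections (HttpsURLConnection, SSLSocket)
    // when the calling code does not build its own SSLContext.
    static X509Certificate[] defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default: -Djavax.net.ssl.trustStore if set,
        // otherwise lib/security/jssecacerts, otherwise lib/security/cacerts.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        // Optional case-insensitive fragment of the CA subject to look for.
        String needle = args.length > 0 ? args[0].toLowerCase() : "";
        String override = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("Trust store in effect: " + (override != null
                ? override
                : System.getProperty("java.home") + "/lib/security (jssecacerts or cacerts)"));

        int matches = 0;
        for (X509Certificate ca : defaultTrustAnchors()) {
            String subject = ca.getSubjectX500Principal().getName();
            if (subject.toLowerCase().contains(needle)) {
                matches++;
                System.out.println(subject + " | expires " + ca.getNotAfter());
            }
        }
        System.out.println(matches + " matching trust anchor(s) in the JVM trust store");
        // Zero matches means a default JSSE handshake to a server whose chain ends
        // in that CA fails with an SSLHandshakeException in custom code.
    }
}
```

Run it with the same JVM and system properties as the server process; a different JVM installation has its own cacerts file.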