cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PGP Configuration

Go to solution
Former Member

on ‎06-15-2016 11:54 PM

0 Kudos

Hi All,

We are in process of configuring PGP for our SAP PO 7.4 Landscape.

I got all configuration related information but have few doubts about PGP -

1) I checked that when we generate public,private certificate for our SAP PO system suppose on Dev system then same certificates can be copied to QAS system and can be used for PGP configuration

But my confusion is normally anywhere certificates are server dependent like we use SSO, SSL then how certificates generated for PGP can be used on all servers and in case all certificates are independent of server then how at target like on fusion, Team will identify which server is sending data.

2) I saw that there is an addon on my PO server - PI SFTP PGP ADDON, But I am not sure if this server plays any role for PGP configuration.

3) PGP configuration generates a directory .gnupg under sidadm home directory, Does this directory contains imported certificate information of third party system or anyother our local system specific configuration also resides in this directory.

Please suggest.

Shivam

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

vicky20691
Active Contributor
‎06-23-2016 10:12 AM
0 Kudos

Hi Shivam ,

Harish has already answered your questions correctly.

1. PGP keys are independent of SSO/SSL and they are not bind to any properties of any specific servers. The keys can be placed at NFS location of any SAP PI environment, any number of time and it will work.

But, BEST PRACTICE is to generate new key for each server

2. SFTP add-on brings PGP encryption / decryption module in the system. After installing this add-on only you can use this module with any channel

3. The .gnupgp would have been created as someone(who created the keys) would have created it using .gnupgp on the sidadm server. If you create the keys somewhere else/on any other system like your own machine and then copy it to server no such directories will be created.

Regards,

Vikas

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎06-22-2016 2:19 AM
0 Kudos

- You can download and install keys with various options available, prefer to have separate keys for all landscape (D,Q,P)

- You need to specify all parameters(Compression, Algorithm & Password) in channel - module

- If you are using PGP, you need to install PGP Addon, Basis will help you in this [compatabile PI 7.31 SP3 onwards]

- if you have option to use another keys like SSL then not need to go for Addon

Simply load keys in nwa/keystore [Ensure keys are supplied with correct & supported format]

Show replies
Show replies
Harish
Active Contributor
‎06-16-2016 4:07 AM
0 Kudos

Hi Shivam,

1) I checked that when we generate public,private certificate for our SAP PO system suppose on Dev system then same certificates can be copied to QAS system and can be used for PGP configuration

But my confusion is normally anywhere certificates are server dependent like we use SSO, SSL then how certificates generated for PGP can be used on all servers and in case all certificates are independent of server then how at target like on fusion, Team will identify which server is sending data.

---->>> The keys are independent of server but the best practice is to generate/use seperate key for DEV, QA and Prod.

2) I saw that there is an addon on my PO server - PI SFTP PGP ADDON, But I am not sure if this server plays any role for PGP configuration.

-->> The addon enables the PGP module and you can use the module in communication channel module tab pgp encryption and decryption.

refer the below blog

regards,

Harish

Show replies
Show replies
Ask a Question