
Axis adapter certificate installation

Former Member
0 Kudos

I am using SOAP Axis Receiver adapter. Client has given a certificate.

Is it enough to import it in NWA or are there any more steps? Axis Receiver doesn't have public key and private key. Are there certificates without private and public key?

In the module configuration I can see

there is wssec as module key

then a username

and a password

Do we have to enter this password in NWA also?

Should the client give this password?

Accepted Solutions (1)


nitindeshpande
Active Contributor
0 Kudos

Hi Midhun,

These types of certificates are used for Transport level authentication, hence do not require private keys.

You can import these certificates in TrustedCAs keystore view and it should work.

Please note the certificates must be CA signed and must have 3 chain certificates.

1. Root CA

2. Intermediate CA

3. Main Certificate

Ensure you install the certificates in the above mentioned sequence.

Keep us updated on the progress.

Regards,

Nitin

Former Member
0 Kudos

Hi Nithin

Thanks for the help..

Please note that I got only one certificate from the bank.. It's a text file.

So should I ask them about the remaining certificates? Or could it be that they give the final certificate after merging all certificates?

Should I need a password? Like I said in module key of wssec I have seen that. What should I type there? Should the bank provide that password... what password should I ask them? Password to decrypt file?

Regards

hemanth2
Product and Topic Expert
0 Kudos

Dear Midhun,

Hope you are doing good.

The certificate order should be: server - inter - root.

You can use the below link to test the certificate:

http://demo.iaik.tugraz.at/sslinfoservlet/servlet/iaiksslserverinfo/

The output will help you further; the root cert should be in 1st position. If not, this needs to be changed by the provider of the certs as iaik has strict checks on the order of certificates.


Hope this helps.

_ _ _ _ _ _ _ __ _ _

Kind Regards,

Hemanth

SAP Product Support

_ _ _ _ _ _ _ _ _ _ _

Join me online: http://scn.sap.com/people/hemanth.kumar/content

hemanth2
Product and Topic Expert
0 Kudos

Also, in case of issues, do run the XPI Inspector for troubleshooting XI > Example 50 (XI Channel) as per SAP Note 1514898.

Former Member
0 Kudos

I still didn't get it

I got only one certificate from the bank

So should I ask them for two more?

How do I know which of these three certificates they have given?

Former Member
0 Kudos

I get three options in Trusted CAs

Which one should I select?

I am using wssec module in receiver SOAP Axis adapter.

hemanth2
Product and Topic Expert
0 Kudos

Dear Midhun,

I would say, as we do not have much clarity, please import an X.509 and check. Run the XPI Inspector if there are any issues.

_ _ _ _ _ _ _ __ _ _

Kind Regards,

Hemanth

nitindeshpande
Active Contributor
0 Kudos

Hi Midhun,

You must use the X.509 certificates. You need not use anything in the WSSE module as you are just authenticating at the transport level and not the data. Just use the HTTPS URL of the 3rd party; after deploying the certificates in Trusted CAs it should work.

WSSE is used to sign and encrypt the data you are sending to your 3rd party, and your 3rd party must have the capability to decrypt and verify it.

You can go through the below blog for more information on WSSE -

@Hemanth - I am not sure why you are suggesting him to run XPI inspector when there is no issue. XPI inspector is used, only when you are not able to identify the error from the error description in the Audit log.

Regards,

Nitin

Former Member
0 Kudos

Hi Nitin

Thanks again

I have got only one certificate from the client.

Should I ask for the remaining two? This is one question that's bothering me a lot. I am actually doing a roll out of an existing project. I am copying an existing interface.

I asked for a certificate and the bank gave just ONE certificate.

Also there are lots of wssec parameters included in the module. They are using it. I need a password for that from them.

Answers (1)


manoj_khavatkopp
Active Contributor
0 Kudos

You need to check if the given certificate is enough or do you need root and inter certificate too; check this blog on how to verify the certificates manually:

And regarding the WSSE in the modules, this password is usually provided by the third party and is used in webservice authentication at SOAP header level.

Former Member
0 Kudos

Hi Manoj

I am copying an interface from an existing project to a new project and there is no FS.

I have seen two passwords..

One under connection parameters, I guess this is for the service endpoint

The second one is in the adapter module.

So I have to ask the bank for webservice authentication password, right?

If the details are all entered correctly, then the ping of the cc should also work, right?

manoj_khavatkopp
Active Contributor
0 Kudos

Midhun, there are usually 2 ways by which userid and password authentication is done with a webservice: either passing it at HTTP header level, which is done simply by configuring user authentication at channel level, or passing it at SOAP header level, which can be done by addsoapheaderbean/custom SOAP envelope by Java or XSLT, or by WSSE at module level.

I would suggest you try the same password at module level which you have already.

Former Member
0 Kudos

I don't have any password.

They have given only a certificate.

I need two passwords from them, one for the service and another for the webservice authentication

manoj_khavatkopp
Active Contributor
0 Kudos

AFAIK the userid/password for both will be same.

Do you see a different user ID in the connection parameter and in the module for WSSE?

Former Member
0 Kudos

Hi

Under Connection Parameters

URL the url

Authentication BASIC

User <bankname>admin

Under Module Configuration:

ModuleKey      Parametername      Parametervalue

wssec              action                    encrypt

wssec             pwd.password          password

wssec             user                       online<bankname>encrypt

So there are two userids in the communication channel

Axis is a real headache

Former Member
0 Kudos

I added the certificate to the Trusted CAs in NWA, and I am not able to see it.

The extension of the certificate was .txt

Should I convert it to something else before I import it?

manoj_khavatkopp
Active Contributor
0 Kudos

If you are importing this certificate as X.509 you need to change it to .cer usually.
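
Added example, not part of the original thread and not any poster's code: a standard-library Python check for the question asked above of which certificate a supplied text file holds and whether root and intermediate certificates are missing from it. It matches issuer and subject names only and does not verify signatures; `inspect_bundle`, `sample_pem` and the sample names are hypothetical, and the sample data are constructed DER skeletons rather than real certificates.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER encodings of the issuer and subject Names of one certificate."""
    _, start, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    _, pos, end = read_tlv(der, start)      # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < end:
        _, _, nxt = read_tlv(der, pos)
        fields.append(der[pos:nxt])
        pos = nxt
    if fields[0][0] == 0xA0:                # skip the optional [0] version field
        fields = fields[1:]
    return fields[2], fields[4]             # serial, sigAlg, ISSUER, validity, SUBJECT

def inspect_bundle(text):
    """Classify certificates in a PEM text file by name matching; signatures are not verified."""
    ders = [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]
    pairs = [issuer_subject(d) for d in ders]
    subjects = {s for _, s in pairs}
    issuers = {i for i, s in pairs if i != s}
    # "end-entity" here means: no other certificate in this file was issued by it
    roles = ["root" if i == s else "intermediate" if s in issuers else "end-entity"
             for i, s in pairs]
    complete = bool(pairs) and all(i in subjects for i, _ in pairs)
    return roles, complete                  # complete=False: an issuer is missing

# --- constructed sample data: DER skeletons carrying only names, not real certificates ---
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths are enough here
def _name(cn):
    return _tlv(0x30, _tlv(0x31, _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, cn.encode()))))
def sample_pem(issuer, subject):
    tbs = _tlv(0x30, _tlv(0xA0, b"\x02\x01\x02") + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
               + _name(issuer) + _tlv(0x30, b"") + _name(subject))
    der = _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(inspect_bundle(sample_pem("Constructed Issuing CA", "bank.example")))
```

A file that opens with `-----BEGIN CERTIFICATE-----` is already Base64 (PEM) X.509 data whatever its extension, so a `.txt` file of that form holds the same content a Base64 `.cer` file would.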