cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificates after migration

Go to solution
former_member207701
Participant

on ‎07-17-2016 1:03 PM

0 Kudos

Hi Experts,

We are currently migrating our PI system

Can some one please clarify on below points.

1.how to generate AS2 certificates I tried in nwa I can create private and respective certificate,  how about public key which I need to share with third party? How to I generate public key?

2.how to generate ssl certificates?

3.For sftp is ssh key system specific because usually they are generated using putty do I need  to create ssh key again?

4.for soap outbound and inbound what certificated do I  need to provide?

5. Any other certificates which I have missed in the above list?

Thanks in advance

Kiran

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

bhavesh_kantilal
Active Contributor
‎07-18-2016 4:05 AM
0 Kudos

If you are migrating your PI server, why not take the existing certificates from the current Keystore into the new PI Server Keystore.

The only certificate that would need to be ideally regenerate would be your SSL certificate as in this case, the hostname will vary / change and hence the common name *might* need to be updated ( if a wild card is not used in the SSL Certificate for current host name ).

Regards

Bhavesh

Show replies
Show replies
former_member207701
Participant
‎07-18-2016 4:21 AM
0 Kudos

I thought AS2 certificates are also system specific isnt it ?

May i know how can i generate ssl certificate

bhavesh_kantilal
Active Contributor
‎07-18-2016 4:57 AM
0 Kudos
  • AS2 adapter uses your PI ( Private Key ) for Signing and Encryption. This has no dependencies on the PI server used and infact should definitely be export / imported from your previous PI Servers.
  • Likewise, for SSL Certificate like I have mentioned check if you have a LoadBalancer and what common name it uses? If this is a AS2 scenario, I doubt your SSL Certificate will use your PI Server name and would rather have a loadbalancer / webdispatcher that is used for the SSL Cert presentation. If you must generate the SSL certificate because the common name changes, you can do a SCN Search on how to generate SSL Certificates. There are more than enough documents on this on SCN..

Regards,

Bhavesh

former_member207701
Participant
‎07-18-2016 5:09 AM
0 Kudos

Bhavesh,

For earlier PI system we didnt had web dispatcher for for the new PO system we are having webdispatcher ?

in this case SSL would be generated from PI NWA or from webdispatcher ?

Sorry i am very new to these certificate concepts so i am asking these.

And one more query:

I tried in nwa I can create private and respective certificate,  how about public key which I need to share with third party? How to I generate public key?

Thanks ,

Bhavesh

bhavesh_kantilal
Active Contributor
‎07-18-2016 5:15 AM
0 Kudos
  • It can be generated in PI NWA and assigned to your Webdispatcher or generated in any external tools as well. As there is a Webdispatcher involved, the certificate should have the common Name of the Webdispatcher host and not the PI Host name.
  • The Key Pair generated in your NWA also contains the Public Certificate that needs to be shared with your partner. When you export your Private key you can also export just the public certificate.
  • Do check your previous PI Server - was the certificate a Self Signed Certificate or a one that is signed by a Certificate Authority? If it was signed by a CA ( Thwate, Verisign, etc ) then you might also need to get this done through your customers authorized CA.

Regards

Bhavesh

former_member207701
Participant
‎07-18-2016 6:05 AM
0 Kudos

I just checked and the Private is external vendor signed (verisign).

So now i have to create a private key + store certificate and then Generate CSR for private key share it to CA and after response import the CSR , and finally share the certificate which was generated with private key with third party am i correct ?

bhavesh_kantilal
Active Contributor
‎07-18-2016 6:27 AM
0 Kudos
  • Technically yes, these are the steps required for any Key paid.
  • But - I would like i have mentioned check if this step is really needed especially for the Signing / Decryption Certificate  as this should have a generic common name that is not dependent on the server and should ideally be a export /import to make sure none of your partners need to make any changes.
  • Likewise do check the SSL Certificate ( as I have mentioned previously ) - do not regenerate the certificates until it is a technical must as this will avoid changes on your partner end.

Regards

Bhavesh

former_member207701
Participant
‎07-18-2016 6:36 AM
0 Kudos

Thanks Bhavesh for your valuable time

I will check more on this and get back to you if anything required.

Thanks Again.

Answers (1)

Answers (1)

former_member186851
Active Contributor
‎07-17-2016 7:03 PM
0 Kudos

Hello Kiran,

Keys and certificates will be provided by third party If am not wrong,For SOAP and SSL.

for SFTP ,refer the below link

https://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1

Other keys depends on various connections you have In landscape.

Show replies
Show replies
former_member207701
Participant
‎07-18-2016 3:11 AM
0 Kudos

Hi Raghu,

Thanks for your reply.

SSH keys can be generated in 2 ways:

1.Use Putty/Open SSH generate private key and public then install private in NWA and share public with third party.

2.Generate Private key directly in nwa then with the help of OPEN SSL extract public key from the generated private key and share with third party.

Now question is i ma not sure how the keys were generated in earlier old PI system , now after migration do i need to generate a new key pair or install the old private key in new NWA system ?

and what about AS2 certificate ?i am able to generate private key and respective certificate in nwa ? what do i need to share with third party ? how to generate public key ?

Thanks,

Kiran

Ask a Question