on 08-27-2007 6:00 PM
I want to configure SSL for our PI 7.0 system. I have:
- Configured SSL on the Java Stack and tested it. It works fine.
- Configured SSL on the ABAP and tested it. It works.
I know to enable HTTPS I need to change the following exchange profile parameter:
com.sap.aii.connect.secure_connections = messaging
I think I need to change the J2EE server
SAP XI AF CPA Cache to register with the http/https ports and the Fully qualified domain name (so to match the SSL Certificate).
The big question is:
Do I need to change the URL for the Integration Server (in the business system in the SLD)? For example:
https://<hostname>.domain.com/sap/xi/engine?type=entry
(where https is the default 443 so I don't have to specify the port).
-
Or can we just leave that as the default HTTP connection as below?:
http://<hostname>.domain.com/sap/xi/engine?type=entry
Any help is greatly appreciated since I don't have access to a sandbox and it is trial and error (with developers needing to use the system). Thanks!
Hi George,
it depends. The IS URL in the SLD is usually used for the XI internal communication, meaning for communication between the Adapter Framework (AFW) and the Integration Server (IS).
Usually you do not need to define this communication with HTTPS, but if you have this requirements, you have to change the IS URL information in the SLD accordingly.
Usually more important is the IS communication from other backend systems, where you have to manipulate the URL to contain the HTTPS now.
Best regards,
Silvia
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The documentation says that "the internal PI communications and the messaging communications must be configured to use these HTTP connections". So only the CPA Cache service has to have a HTTPS port? When I had changed it before the Adapter Cache (SXI_CACHE) showed the adapter engine URL has https. So the Integration server URL only matters for internal communications not messaging?
I agree with Silvia here.
The entry can continue to point to the default port / default URL of the Integration Server as you would need to authenticate only the end point and not internal XI calls.
Also, if I remember correct, the SSL port is always one port higher than the default port both for J2EE and ABAP stack.
@Silvia : Nice to see ppl from SAP (especially the author of CTS+ article ) contributing on the XI forums. Need more people like you here
Regards
Bhavesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.