
Configuring Sender HTTPS Connection --> Server/Client Authentication

Former Member
0 Kudos

Hello together,

I need to configure an HTTPS Sender Connection with client and server authentication. I have already checked the documentation; however, I am still not sure about the particular steps. My questions are as follows:

- Do I configure the HTTPS connection on the ABAP or JAVA stack?

- Is it necessary to set up an HTTP sender communication channel?

- What does the URL look like (compared to an HTTP connection)?

I have provided XI certificates to the client and the client has provided the certificates to me already. So I guess I have to import them somehow on XI.

Any help is appreciated!

Thank you very much.

Accepted Solutions (1)


Former Member
0 Kudos

Hello,

the import of certificates is described here (3.d.):

http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm

Regards

Patrick

Former Member
0 Kudos

Thank you for the link.

So now I am wondering whether the HTTPS request goes directly to the ABAP Stack even if I have configured an HTTP Sender Communication Channel with Client Authentication.

What should the URL look like compared to an HTTP connection? Just a different port?

Former Member
0 Kudos

Hi

Please follow the steps below for HTTPS configuration as sender.

You need to use either the SOAP adapter or the XI Adapter for HTTPS connectivity.

Here, configure the Security Check for Inbound Messages.

Refer to the links below:

http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm

http://help.sap.com/saphelp_nw04/helpdata/en/4f/0a1640a991c742e10000000a1550b0/frameset.htm

SAP Security Guide XI, HTTP and SSL

http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm

http://help.sap.com/saphelp_nw04s/helpdata/en/97/818a4286031253e10000000a155106/frameset.htm

No configuration is required in the adapter-specific sender channel configuration (inbound) of the Integration Directory.

The authentication/authorization is performed by the J2EE Engine and therefore needs to be configured with the Visual Administrator. This configuration is described in the J2EE Engine Administration Manual and is outlined in the following section.

When a message is to be sent to the Adapter Engine (and ultimately to the Integration Server), the J2EE Engine serves as the SSL Server and presents its server certificate to the client as part of the SSL handshake procedure.

Client-Side Configuration (Required)

The public certificate of the trusted authority (CA) that signed the public certificate of the SSL server needs to be imported to the list of trusted certificates of the SSL client. This allows the SSL client to accept the certificate of the server in the SSL handshake.

Server-Side Configuration (Optional)

If basic authentication is used, no additional configuration is required on server side.

If client certificate authentication is requested or required by selection of the corresponding option in the SSL service and configuration of the ClientCertLoginModule in the SecurityProvider service (using the J2EE Administration Tool), additional configuration steps are required.

If the server certificate check on the client side is successful, the client sends its public certificate to the server as part of the SSL handshake (when requested). The server needs to map the certificate to a user for authentication and will then check the authorization based on the security roles of the user.

Perform the following steps to allow the J2EE engine to map the client certificate to a user:

1. Import the CA cert of the client certificate to the list of trusted certificates (TrustedCAs keystore view in the keystore service) and import the client cert to an arbitrary keystore view.

2. Map the client certificate to an existing user with role SAP_XI_APPL_SERV_USER by using the Visual Administrator, SecurityProvider service, UserManagement tab page.

Refer to the links below.

Here you go:

http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
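Added example, not part of the original thread and not SAP code: a small Python test client for the client-side setup described in the answer above (trust the CA that signed the server certificate, and present a client certificate only when the server asks for one). The file paths, host name and URL path are placeholders to be replaced with your own values.

```python
import http.client
import ssl
from urllib.parse import urlsplit


def build_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context for the sending client (all file paths are assumptions)."""
    # Client-side step: trust the CA that signed the server certificate.
    # With ca_file=None the operating system trust store is used instead.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only needed for client certificate authentication; with basic
    # authentication the client presents no certificate.
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def require_https(url):
    """Split the URL; a client certificate is only sent inside a TLS handshake."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("expected an https:// URL, got %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host")
    return parts


def post_message(url, body, ctx, timeout=10):
    """POST an XML payload; a failed handshake raises ssl.SSLError."""
    parts = require_https(url)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPSConnection(
        parts.hostname, parts.port, context=ctx, timeout=timeout)
    try:
        conn.request("POST", path, body=body,
                     headers={"Content-Type": "text/xml; charset=utf-8"})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    # Placeholder paths and URL: replace with your own before running.
    ctx = build_context("server_ca.pem", "client_cert.pem", "client_key.pem")
    print(post_message("https://xi-host.example:50401/placeholder/path",
                       b"<test/>", ctx))
```

An `ssl.SSLCertVerificationError` from `post_message` points at the client-side trust list; a handshake alert or an HTTP 401/403 after a successful server check points at the server-side CA import or the certificate-to-user mapping.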

Former Member
0 Kudos

Hi,

thank you very much for this helpful answer!

Just two more questions:

1. You say that SOAP or XI Adapter are possible for HTTPS requests. Is it really the XI Adapter and NOT the HTTP Adapter? In the HTTP Adapter you can also configure security.

2. What should the URL look like if the HTTP Sender Communication Channel is configured for Security Level "HTTPS with client authentication"? The same URL string as used for the HTTP connection, only with a different port?

Thank you very much for your additional explanation!

Former Member
0 Kudos

Hello,

you can use the HTTP Adapter!

You choose 'Sender' and 'HTTP Security Level' -> HTTPS with Client Authentication.

Your URL is just the address of your adapter (it's the same as without SSL); you don't even need a special port in this case, something like '/sap/xi/adapter_plain...'.

Regards

Patrick

Former Member
0 Kudos

Hello,

this is very interesting. In our case the HTTP Port on the ABAP Stack is 8024 and the port for secure connection is 50401 configured on the Java Stack.

Does it mean that I also can use Port 8024 just with prefix https instead of http?

Thank you again for your help.

Former Member
0 Kudos

One more important question regarding the HTTPS connection:

Which Client Tool would you recommend to test HTTPS connection via plain http and SOAP sender communication channels?

When using standard http clients we always get errors that obviously are caused by the client itself.

Former Member
0 Kudos

Hello,

in my opinion you send to your http-adapter, not even with https.

But you can test it with the code here:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/66dadc6e-0a01-0010-9ea9-bb6d8ca4...

Regards

Patrick

Former Member
0 Kudos

I think you definitely need to send it via the URL "https ......" otherwise I get the error message "https required" if the communication is set to "HTTPS".

We tested it with the testing tool you sent me the link to. However, if we use https nothing happens and there is no message in the monitoring. I do not know why...

Former Member
0 Kudos

Hello,

I still think you have to use http, but I am sure that you have to use the http port.

Your address has to look something like this:

http://<hostname>:8024/sap/xi/adapter_plain?namespace=.

And you need all parameters like described here:

http://help.sap.com/saphelp_nw04/helpdata/en/43/64db4daf9f30b4e10000000a11466f/frameset.htm

Another possibility to test your connection is to use a rfc destination (type G).

Regards

Patrick

Answers (0)