on 02-15-2008 5:58 AM
HI,
I am doing Proxy>XI>Webservice ; sync scenario. Web service is in the out side of our network. What are the step i need to take.
1. We have a reverse proxy.
2. Endpoint contains HTTPS url.
Can you please provide me high level steps like
1. what changes i should do for the reverse proxy
2. Do I have to have ssl on abap and Java stock
Thank you
Monika
Hi,
You need to setup SSL layer for HTTPS endpoint.
Possible HTTP security levels are (in ascending order):
HTTP without SSL
HTTP with SSL (= HTTPS), but without client authentication
HTTP with SSL (= HTTPS) and with client authentication
HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network
● Server authentication
Only the HTTP server identifies itself with a certificate that is to be verified by the client.
● Client authentication
Additionally, the HTTP client identifies itself with a certificate that is to be verified by the server.
A general prerequisite for using HTTPS in both the ABAP and the J2EE stack of the SAP Web Application Server (AS) is that the SAP Cryptographic Library is installed on the SAP Web AS. In addition, certificates (for example an X.509 certificate) must be used that have been issued by a company-internal Certification Authority (CA), or by an external trusted CA such as Thawte, Verisign, or TC Trustcenter.
In both ABAP and J2EE components, HTTPS server authentication is enabled as follows:
● Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
● Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS servers certificate. For an actual HTTPS connection, you have to use the HTTPS port of the server in a corresponding HTTP destination and you have to configure this HTTP destination for using SSL with the corresponding client certificate.
● Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS server. If not already done, you have to import a certificate generated by a CA identifying the SAP Web AS into the keystore named service_ssl in the Keystore service. In addition, you have to assign this certificate in the SSL Provider service.
● Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS servers certificate into the J2EE engines keystore view named TrustedCAs.
Please go through below link for referance (above information is from below link)
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
General guide
Message level security
Regarding message level you can encrypt the message using certificates.
For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
Check the following links.. you will get the information all about the securities...
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...
Also find soeminformation in these links
http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Step by step guide for SSL security
thanks
Swarup
Edited by: Swarup Sawant on Feb 15, 2008 7:02 AM
Edited by: Swarup Sawant on Feb 15, 2008 7:06 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.