Soap Sender Problem Firewall

Former Member · ‎02-15-2008

HI,

I am doing Proxy~~>XI~~>Webservice ; sync scenario. Web service is in the out side of our network. What are the step i need to take.

1. We have a reverse proxy.

2. Endpoint contains HTTPS url.

Can you please provide me high level steps like

1. what changes i should do for the reverse proxy

2. Do I have to have ssl on abap and Java stock

Thank you

Monika

Former Member · ‎02-15-2008

Hi,

You need to setup SSL layer for HTTPS endpoint.

Possible HTTP security levels are (in ascending order):

HTTP without SSL

HTTP with SSL (= HTTPS), but without client authentication

HTTP with SSL (= HTTPS) and with client authentication

HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network

● Server authentication

Only the HTTP server identifies itself with a certificate that is to be verified by the client.

● Client authentication

Additionally, the HTTP client identifies itself with a certificate that is to be verified by the server.

A general prerequisite for using HTTPS in both the ABAP and the J2EE stack of the SAP Web Application Server (AS) is that the SAP Cryptographic Library is installed on the SAP Web AS. In addition, certificates (for example an X.509 certificate) must be used that have been issued by a company-internal Certification Authority (CA), or by an external trusted CA such as Thawte, Verisign, or TC Trustcenter.

In both ABAP and J2EE components, HTTPS server authentication is enabled as follows:

● Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).

● Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS server’s certificate. For an actual HTTPS connection, you have to use the HTTPS port of the server in a corresponding HTTP destination and you have to configure this HTTP destination for using SSL with the corresponding client certificate.

● Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS server. If not already done, you have to import a certificate generated by a CA identifying the SAP Web AS into the keystore named service_ssl in the Keystore service. In addition, you have to assign this certificate in the SSL Provider service.

● Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS server’s certificate into the J2EE engine’s keystore view named TrustedCAs.

Please go through below link for referance (above information is from below link)

http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm

http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm

General guide

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516d...

Message level security

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...

Regarding message level you can encrypt the message using certificates.

For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.