cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue when configure client certificate(SSL)

Go to solution
Former Member

on ‎03-01-2008 7:43 AM

0 Kudos

Dear experts,

I am configuring Java Engine SSL with client certificate. When I choose request/require client certificate under SSL Provider in Visual Administrator, I always got the error "Page Not Found" when I connect to the Java Engine URL using IE browser through the https port, but when I choose do not request client certificate under SSL Provider, everything works fine. Does anyone have the similar experience? Any idea or suggestion are appreciated!

Thanks and Regards,

Nick

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-01-2008 7:59 AM
0 Kudos

Hi,

If your system with which you are using the IE to access the URL of Java Engine with HTTPS is within the firewall, and you are just getting the ping response normally for which no authorizations required.

But when you are trying to access any service of Java engine the you need to use the SSL certificates that have installed.

Plesae refer below links for proper configuration settings. May be any of the step is missing.

Step by step guide for SSL security

Configuring SSL Connection between

SAP XI and IBM WebSphere MQ

[Link Removed: PDF deleted 29 March 2011]

http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm

http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm

General guide

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516d...

Message level security

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...

Regarding message level you can encrypt the message using certificates.

For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.

Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.

Check the following links.. you will get the information all about the securities...

http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm

Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...

Also find soeminformation in these links

http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm

/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi

Thanks

Swarup

Edited by: Jason Lax on Mar 29, 2011 2:09 PM

Show replies
Show replies
Former Member
‎03-01-2008 8:27 AM
0 Kudos

Swarup,

Thank you for your quick answer! Actually I solved it just now. I missed one step to configure the authentication, and now it works fine. But anyway, thank you very much!

Thanks and Regards,

Nick

Former Member
‎04-23-2008 4:23 PM
0 Kudos

Hi Yang,

I am now facing the same problem.

Please advise me what step you were missing.

Thanks a lot for your help.

Pichet A.

Former Member
‎04-24-2008 2:31 AM
0 Kudos

Hi Pichet,

List the steps to configure client certificate as follows:

1. Set the UME property ume.logon.allow_cert to true. (Service-->UME Provider)

2. Import the public key and root ca certificate, or generate by yourself (Service-->Keystrore)

3. Specify request for client certificate for specific SSL socket – Managing Client Authentication using root ca certificate (Service-->SSL Provider)

4. Map Client Certificate to UME User (Service-->Security Provider)

5. Adjust the login module stacks for those applications that will be accepting client certificates (Service-->Security Provider)

6. Import of the Private Key to the browser personal certificates.

Hope it helps you.

Regards,

Nick

Answers (0)

Ask a Question