Skip to Content
1
Former Member
Feb 21, 2014 at 10:24 PM

Doubts and clarification related to Certificates and SSL

1123 Views

Dear Experts,

After reading many blogs on SCN and SAP help content, still I have few doubts which I wants to clarify with you guys.

our basis team has installed the brand new PI 7.4(dual stack) server, we need communicate with bank by using HTTPS(SSL), bank has provided signed(verisign) test certificates(DigitalSignature.jks and SSL.jks) to install in our QA PI server. We need to use this certificate for transport level security as well as for message level(for digital signature from mapping) . All our scenarios are Proxy to HTTP_AEE synchronous.

Bank has not asked us for any generated CSR from QA PI server before sending this certificate to us, they said you can use this certificate for DEV and QA environment, this project is Re-implementation project from SAP BC to SAP PI , so they also said you can use the same certificate(installed on BC prod) for PI prod server.

Questions

  1. Can we install the same certificate for another server if the certificate is already in use on different server? I think we can not , please confirm.
  2. Is it mandatory to generate the CSR on the PI server and send it to CA, and then CA will generate the certificate by using the CSR, and will provide the certificate to install.
  3. While importing the certificates, in "import entry" which which certificate needs to be selected if we have more than one .jks file, for eg in my case I have two certificates(DigitalSignature.jks and SSL.jks), moreover, what should be the "entry type" among X.509 Certificate,PKCS#12 Key Pair and PKCS#8 Key Pair, bank should tell this to us, in our case?
  4. Do we need more than one certificate if we have enabled SSL, I mean one separate certificate for SSL, as mentioned in this blog.
  5. Under which views our certificate should go among ICM_SSL_< instance _ID>,TrustedCAs and service_ssl , if we are using SSL? and why.please explain.
  6. Do we need to enable SSL on As java, as well as As ABAP, I think we only need to enable As Java. Please confirm.

I have gone through the below mentioned blogs ans many more, so please just try to help me to get my answers.

How to Load keys and certificates in SAP PI 7.3, SAP PO 7.3 EHP1 NWA's Key Storage

Configure the HTTP_AAE receiver communication channel with SSL

Adding Certificates to PI

Please help me as much you can, as my basis guy is not have any prior experience in installing certificates in PI. I have attached the certificates received from bank,

Thanks,

Farhan