cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS external und internal to SAP PI - certificate configuration under STRUSTSSO2

former_member285279
Participant

on ‎12-02-2014 9:41 AM

0 Kudos

Hello Colleagues,

we have following problem.

We have company internal and company external HTTPS interfaces to our SAP PI system.

For HTTPS in Transaction STRUSTSSO2 under "SSL server Standard" we have to trust (certificate sign request "CSR") the own certificate.

Currently, the ssl own certificate is trusted by our own internal CA.

Now the problem. For external HTTPS interfaces to our SAP PI system we need to have a own certificate trusted by an external CA like VeriSign.

How we are able to configure this, internal and external trusted sign under transaction STRUSTSSO2 for SSL server Standard?

Many thanks in advance!

Regards,

Jochen Schertel

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎12-02-2014 10:13 AM
0 Kudos

Hello Jochen,

is this a PI connection, SOAP adapter, for example? Or do you do plain HTTP? I'd recommend you to go for a SOAP adapter and use keystore in NWA. You'll have a lot more freedom and options there.

Regards,

Jörg

Show replies
Show replies
former_member285279
Participant
‎12-02-2014 12:27 PM
0 Kudos

Hello Jörg,

many thanks for answer.

The problem is, all SAP PI incoming connections terminates on the ICM (ABAP). So the HTTPS configuration has to be done in transaction STRUSTSSO2.

Regards,

Jochen

Former Member
‎12-02-2014 12:43 PM
0 Kudos

Hello Jochen,

you may be right if that communication is to the ABAP stack directly. However, if you send messages to the AS Java, you have to do the configuration in NWA. See here:

Configuring the Use of SSL on the AS Java - Network and Transport Layer Security - SAP Library

In this case, all configuration in ABAP stack will have no effect and is not required.

Regards,

Jörg

Ask a Question