Feb 01, 2017 at 04:22 PM

Enforcing server certificate authentication at client side : meaning ?


Hello,

This past summer we deployed SAP Hybris Cloud for Customer (formerly known as C4C), connected to our SAP ECC6 landscape through SAP Web Dispatcher and the HCI platform, in both directions (inbound/outbound).

It is working fine.

We just received an automatic email from SAP that is creating some panic here; we have absolutely no idea what it means:

SAP HCI will have a new server certificate and it might impact us "if you are enforcing server certificate authentication at client side."

translation-needed.png

Is there anyone out there who can help decipher what it means?

I don't remember enforcing anything. I went through the HCI security guide; there is no mention of "server certificate authentication at client side".

We added the HCI certificates (intermediate and root certificates) into SAP STRUST, SSL Client Standard:

example.png

That certificate is then used by outgoing RFC destinations to HCI:

rfc.png

According to HCI security guide, "STRUST will be used to create a signed certificate in the PSE then when an outgoing connection is made that is using mutual authentication this certificate will be presented to the remote server to provide proof of identity"

So, is "mutual authentication" the same thing as "Enforcing server certificate authentication at client side"?

I am really puzzled; any help would be appreciated.

Thank you
