Skip to Content
1

Enforcing server certificate authentication at client side : meaning ?

Feb 01, 2017 at 04:22 PM

125

avatar image

Hello,

We have deployed this past summer SAP Hybris Cloud for Customer (formerly known as C4C) connected to our SAP ECC6 Landscape through SAPWebdisapthcer and HCI platform, in both directions (inbound/outbound).

It is working fine.

We just received some automatic email from SAP, that is creating some panic here, we have absolutely no idea of what it means :

SAP HCI will have a new server certificate and it might impact us if "if you are enforcing server certificate authentication at client side."

translation-needed.png

Is there anyone out there who can help decyphering what it means ?

I don't remember enfornign anything, I went through the HCI security Guide, no mention of "server certificate authentification at client side"

We added HCI certificates(Intermediary and Root certifivates) into SAP STRUST, SSL Client Standard :

example.png

That certificate is then used by outgoing RFC destinations to HCI

rfc.png

According to HCI security guide, "STRUST will be used to create a signed certificate in the PSE then when an outgoing connection is made that is using mutual authentication this certificate will be presented to the remote server to provide proof of identity"

So, is "mutual authentification" the same thing as "Enforcing server certificate authentication at client side"

I am really puzzled, any help woudl be appreciated

Thank you

example.png (48.9 kB)
rfc.png (41.2 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Daniel Fassnacht Feb 14, 2017 at 07:55 AM
0

Hi Raoul,

I got the same mail and don't know what to do.

Did you get any answers so far?

Regards,

Daniel

Share
10 |10000 characters needed characters left characters exceeded