Accepted Solutions (0)
Answers (6)
hola alessandro fijate que estoy generando el certificado como dice la guía pero me eh atascado en el paso 12 la contraseña me dice que es incorrecta, me pueden ayudar con esto porfavor
Gracias por la ayuda. alguien me podría ayudar con la este inconveniente ya genere eh instale el certificado en mi movil pero aun me sigue apareciendo el mensaje de seguridad
Hola de nuevo compañera.
No comprendo a que error te refieres pero tal vez esta nota te pudiera servir:
| ||||||||
|
Content: Summary | Header Data | Validity | References
|
No lo olvides que:
Es importante contar con el apoyo y la aceptación entre los miembros que formamos parte de esta comunidad. Tanto quien escribe una pregunta, como quien responde la misma, debe recibir un feedback constante.
Si no llegaramos a comprender para qué dar puntos, o dar feedback, la relación de comunidad se rompe. Cuando abrimos un nuevo tema (una nueva discusión) y recibimos ayuda, pero no agradecemos dando "puntos de reputación", es como que no nos importara que otras personas hayan gastado su tiempo en compartir sus soluciones con nosotros.
Puntos de reputación en las discusiones:
| Quien responde recibe: | Quien pregunta debe presionar: |
|---|---|
| 5 puntos por respuesta que "ayude" |  Límite: 15 por discusión. |
| 10 puntos por respuesta "correcta" |  Límite: 1, una vez que marcamos una respuesta como correcta, el tema queda marcado como "solucionado". |
Saludos.
Estimada Alma,
Concuerdo con lo que te menciono Gonzalo Gomez, en que revises en e B1if, lo que tiene que ver con que todo este configurado con IP nombre del servidor, esto me sucedia hasta que revise la nota SAP de problemas de dispositivos y en esta se tiene un apartado que dice:
Slds,
IFV
Hola Gracias por la aportación adjunto captura de la configuración que tengo actualmente.
la Ya seguí instrucciones es mencionadas pero me e quedado estancada en el paso 11 me a pare el mensaje que muestra en pantalla, me podrían orientar por favor,
Gracias.
Creo que estás poniendo -destorepassword y la instrucción es -deststorepass.
Espero puedas darte una vuelta al documento que te comente sobre reputar a quienes ayudan.
Aquí te anexo la nota de sap sobre el tema:
Symptom
To ensure the highest security standard for your company and your business data, SAP introduced the exclusive use of valid SSL certificates.
Securing your SAP Business One mobile application with a valid SSL certificate can be crucial. Fortunately, it is quite simple to do this.
In some situations it may be required that you buy a trusted certificate, but there are many cases where you can generate and use a self-signed
certificate for free.
Be aware that SAP cannot cover all possible security aspects due to customer-specific requirements and conditions. The mobile app needs to be
embedded into each customer’s specific security concept. Nevertheless, some manual action is required.
In this SAP Note, SAP presents examples of how to obtain and install valid certificates.
For more details, technical backgrounds or questions please consult your partner or the diverse information sources that are available on this
standard security technology.
SAP enhanced the security of the SAP Business One mobile app on SSL connections gradually in the following way:
- 1st security stage - Using valid certificates was RECOMMENDED
Starting with SAP Business One mobile app 1.10.0 for iOS and SAP Business One mobile app 1.1.4 for Android, the apps showed this warning message during the logon phase if no valid SSL certificate was deployed:
- The certificate for this server was not issued by a trusted certificate authority. In future version the connection to the server will be disabled until valid certificate is deployed. Contact your IT administrator for more details
In this stage/this app versions, the message could be suppressed by disabling the parameter 'Enforce Certificate Check' in the settings for SAP Business One mobile app on the device.
- 2nd security stage - Using valid certificates is MANDATORYStarting with SAP Business One mobile app 1.11.1 for iOS and mobile app 1.2.0 for Android, a SSL connection without a valid SSL certificate is not possible anymore. The mobile apps show this message at logon:
- The certificate for this server was not issued by a trusted certificate authority. The connection to the server is disabled. Contact your IT administrator for more details
Using valid certificates is strongly recommended at the 1st security stage, and mandatory at the 2nd security stage.
SolutionThe following informs on how to keep or make SAP Business One mobile apps working with valid certificates.How to obtain a valid certificatePlease Note: SAP cannot give recommendations when to use a self-signed certificate or a signed certificate from trusted third party. The selection depends on the specific use and the selected environment, as for example VPN, dev/test systems, intranet/internet solutions, value/type of transferred information, incentive for someone to attack the connection, security needs, etc.
**Please read the following instructions carefully and pay attention to uppercase and lowercase (entries are case-sensitive)!** Note: For the keytool commands mentioned below, you need the following information:
- keytool.exe location: ./SAP Business One Integration/sapjre_7_64/jre/bin/ (for 64-bit Windows system) or ./SAP Business One Integration/sapjre_7_32/jre/bin/ (for 32-bit Windows system)
- Keystore file: ./webapps/B1iXcellerator/.keystore (relative to the Tomcat base directory)
- Keystore password (<keystorepassword>): Find the default password in the ./Tomcat/conf/server.xml file in the keystorePass attribute
- Key password (<keypassword>): The default key password is the same as the keystore password
- Key alias: tomcat
- If you are using Windows Command prompt, please ensure to run the command prompt as Administrator
Generally there are three options to obtain a valid certificate: A. Purchase a signed certificate from trusted third party certification authority (CA) vendor
- Follow the steps provided by the CA vendor to receive a trusted CA signed certificate for the system.
- Deploy the trusted CA signed certificate on the SAP Business One Integration Framework (B1i) server using step i or ii:
- Modify the existing B1i keystore file by deleting the existing entry using the command below and then importing the new certificate using the CA vendors instructions. Please modify the keystore path as necessary when deleting the existing entry:
- keytool -delete -alias tomcat -keystore ./webapps/B1iXcellerator/.keystore -storepass <keystorepassword>
- Replace the existing B1i keystore file with the keystore created according to the instructions provided by CA vendor and update the Tomcat server.xml to refer to the new keystore:
- Open and update ./Tomcat/conf/server.xml to refer to the new keystore and password: keystoreFile="./webapps/B1iXcellerator/<keystorefilename>" keyAlias="tomcat" keystorePass="<keystorepassword>"
- Modify the existing B1i keystore file by deleting the existing entry using the command below and then importing the new certificate using the CA vendors instructions. Please modify the keystore path as necessary when deleting the existing entry:
- Restart the Integration Framework service
- Verify the certificate has been successfully imported by checking access to the integration framework via the https port (for example, open https://<servername_or_ip>:8443on the browser in the mobile device. If successful, you should not receive any browser warnings regarding https/certificates)
Note: In case you encounter any issue in above steps, please consult your CA vendor.B. Create a self-signed certificate using the Certificate ToolAs of integration framework (B1if) version 1.22.0 (delivered with SAP Business One 9.1 PL08 and SAP Business One 9.1, version for SAP HANA PL08), the integration framework provides a Certificate Tool. The certificate tool automates the creation of a root certificate and a self-signed server certificate based on the root certificate, it also deploys the server certificate to the integration framework keystore. Based on the server certificate, the tool creates an SSL certificate for the mobile device that connects to the integration framework with the SAP Business One mobile app.Prerequisites
- The OpenSSL tool (openssl.exe) is available in the ..\B1iXcellerator\openssl\bin folder.
- During certificate creation, the integration framework checks whether the tool is available in the folder.
- If the tool is not available, manually install OpenSSL: https://www.openssl.org/community/binaries.html .
Procedure
- To open the tool, choose Tools → Certificate Tool.
- In the Domain Name field, enter the domain name the certificate is issued to. If you do not enter a name, the integration framework uses the local machine name.
- To create and deploy the self-signed certificate to the integration framework keystore, click the Create Certificate button.
The integration framework creates the certificate in the ..\B1iXcellerator\B1iCert folder. The path depends on where you have installed the integration framework. - To reset to the default keystore that the installation program created, click the Reset Certificate button
- Note: After certificate creation or reset, restart the SAP Business One Integration Service
ResultAfter creation, you can find the myCA.cert file in the ..\B1iXcellerator\B1iCert folder. Make the certificate available to the mobile device as detailed in step 5 below. C. Create a self-signed certificate manuallyFor integration framework (B1if) version below 1.22.0 (up to SAP Business One 9.1 PL07 and SAP Business One 9.1, version for SAP HANA PL07), this is the recommended way for creation of self-signed certificate.
On Windows environment, openssl is not pre-installed with system. Download Win32 or Win64 openssl installer from https://www.openssl.org/related/binaries.html
- The default installation path is c:\openssl-win64 (for 64-bit Windows system) or c:\openssl-win32 (for 32-bit Windows system)
- before using openssl, run command: set OPENSSL_CONF=c:\openssl-win64\bin\openssl.cfg (for 64-bit Windows system) or set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg (for 32-bit Windows system)
1. Create your own root CA (if it does not exist for other reason)1.1 Create a private key file: openssl genrsa -out ServerKey.key 10241.2 Create the certificate (to be deployed to mobile devices): openssl req -new -x509 -key ServerKey.key -out myCA.cer -days 3650 -subj /CN="custom_CA_name"Note: The "custom_CA_name" value should not match the value used for "server_domain_name" in step 2.2
2. Create self-signed certificate for multiple servers 2.1 Create a private key: openssl genrsa -out ClientKey.key 1024
2.2 Create the CSR (Client Signing Request): openssl req -new -key ClientKey.key -out CertReq.csr -subj /CN="server_domain_name"Note "server_domain_name" should be exactly the same value used for the server field in mobile app settings (for example the server name or the server ip address).
2.3 Use the CSR to create the certificate based on your own CA key file: openssl x509 -req -days 3650 -in CertReq.csr -CA myCA.cer -CAkey ServerKey.key -CAcreateserial -out ClientCert.crt
3. Deploy the self-signed certificate on the SAP Business One Integration Framework (B1i) server3.1 Create a PKCS12 keystore and import: openssl pkcs12 -export -inkey ClientKey.key -in ClientCert.crt -out keystore.pkcs12 (For the Export Password, please enter the default Keystore password)
3.2 Copy keystore.pkcs12 file to B1 Integration Framework (B1i) server (for example ./webapps/B1iXcellerator/keystore.pkcs12) to make sure that it can be accessible by keytool3.3 In the Command Prompt, move to the Integration Framework jre bin path (32bit or 64bit based on your system): <SAP Business One Integration path>\sapjre_7_32\bin (for example cd C:\Program Files (x86)\SAP\SAP Business One Integration\sapjre_7_32\bin). NOTE: In previous versions of the Integration Framework this folder might be: \sapjre_6_32\bin.3.4 Delete the original self-signed certificate from the keystore: keytool -delete -alias tomcat -keystore "C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore" -storepass <keystorepassword>
3.5 Convert PKCS12 keystore into Java keystore: keytool -importkeystore -srckeystore "C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\keystore.pkcs12" -srcstoretype PKCS12 -destkeystore "C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore" -deststoretype JKS -deststorepass <keystorepassword> -srcstorepass <keystorepassword>
3.6 Change the default alias name to tomcat: keytool -changealias -alias 1 -destalias tomcat -keystore "C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore" -storepass <keystorepassword>
4. Restart SAP Business One Integration Service from Services panel. 5. Install your own created root CA certificate on mobile devices. The app settings should use the servername/domain or IP as defined in the certificate.Procedure for iOS devices
- Email myCA.cer file to the iOS device
- Click the email attachement to install the CA into the system
Procedure for Android devices
- Copy the myCA.cer file via a microSD card onto the Android device
- Install the file via Settings → Security → Credential Storage and selecting “Install from storage” and follow the prompts
6. Verify the certificate has been successfully imported
Check access to the integration framework via the https port (for example, open https://<servername/IP>:8443 in the browser of the mobile device. If successful, you should not receive any warning regarding https/certificates)
Header Data
| Released On | 21.04.2016 05:05:23 |
| Release Status | Released for Customer |
| Component | SBO-INT-MOB Mobile Anwendungen |
| Priority | Correction with high priority |
| Category | FAQ |
Validity
|
| User | Count |
|---|---|
| 104 | |
| 12 | |
| 11 | |
| 6 | |
| 6 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.