on 01-13-2020 4:43 PM
Hi Experts,
I am using FTPS for the first time so have some questions: SAP PI 7.1 version:
>Where exactly should I ask Basis to keep the X.509 public certificate (which I have got from the third party system) in the certificate keystore? Can you please share the navigation path in the certificate keystore?
>In FTPS channel, what value has to be configured in "Keystore" and "X.509 Certificate and Private Key" ?
Thanks in advance, Surya
I think there's a misunderstanding on whether you are doing mutual / client certificate authentication. I think you are not 🙂
When you got the "public certificate" from the FTPS host party, that's most probably a server certificate of that FTPS host. You must then import that to TrustedCAs (providing you are not already trusting a matching root CA). Depending on your policy you will want to import the whole chain including the server certificate or only the root certificate or root and one or several issuing certificates.
What you would not want to choose then is "Use X.509 certificate for client authentication" in the FTPS receiver channel. Remember you only got the "public certificate" (that being the public key of the server certificate) from the FTPS host party, right? For any means of authentication, they'll need to send you either a user / pw, or a separate client certificate or the FTPS host may accept anonymous authentication.
If you are doing mutual / client based authentication, you will put the client certificate to a separate Keystore view (use an existing one (but not TrustedCAs and not the server's own views) or create a new one - when in doubt, create a new one). You will then specify that keystore view in the FTPS channel. You will also need the FTPS host's server certificate in the TrustedCAs.
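Added example, not part of the thread: before the file received from the FTPS host is handed to Basis, it can be inspected with the openssl command-line tool to see whether it is a root CA, an issuing CA or an end-entity (server) certificate, and whether it comes with a private key, which client authentication would require. The function names are hypothetical, the input is assumed to be a PEM file, and comparing subject with issuer is used as a simple self-signed heuristic.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Requires the openssl command-line tool. FILE is a PEM file.

# cert_dn FILE -subject|-issuer -> the distinguished name without its label
cert_dn() {
    openssl x509 -in "$1" -noout "$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# classify_cert FILE -> root-ca | issuing-ca | self-signed-end-entity | end-entity
# Heuristic: subject == issuer is treated as self-signed (no signature check).
classify_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    subject=$(cert_dn "$1" -subject)
    issuer=$(cert_dn "$1" -issuer)
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        # Basic Constraints marks this certificate as a CA.
        if [ "$subject" = "$issuer" ]; then
            echo root-ca
        else
            echo issuing-ca
        fi
    elif [ "$subject" = "$issuer" ]; then
        # Typical for an FTPS host that uses a self-signed server certificate.
        echo self-signed-end-entity
    else
        echo end-entity
    fi
}

# usable_for FILE -> key-pair | trust-only
# key-pair:   the file also holds a private key, so it could serve as the
#             adapter's own client certificate in a separate keystore view.
# trust-only: certificate without key; it can only be trusted (TrustedCAs),
#             never used to authenticate the adapter to the FTPS host.
usable_for() {
    if grep -q 'BEGIN.*PRIVATE KEY' "$1"; then
        echo key-pair
    else
        echo trust-only
    fi
}
```

After sourcing the file, `classify_cert received.pem` and `usable_for received.pem` print one word each; `received.pem` is a placeholder for the file the third party sent.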
Hi Jens,
I am new to PI, so need more details here:
All the details which I have got from the external third party for FTPS connection are:
HostName,
IP,
Port as TCP 990,
UserName,
Password,
Folder details+FileName and
X.509 Certificate
Kindly let me know what configuration I have to do in FTPS channel?
Should I check the option of "Use X.509 certificate for client authentication" in the channel? If yes then what should be given in "Keystore" and "X.509 Certificate and Private Key" in the channel?
What should I do with the X.509 certificate that is given to us?
Thanks in advance, Surya
I think me and the other participants already answered a great deal of those questions 🙂 In short
Sidenote: Beneath the above guesswork, you should be sure about those three things (ask external party if needed):
Thank you so much 🙂
Hi Surya,
It is very easy; you can navigate to the below path,
NWA-Certifications&Keys-TrustedCA's
Select Trusted CAs
And click on import entry, then it will ask you the entry type (select X.509) and it's done.
If it is Certificate Auth then Use X.509 Certificate for Client Authentication: Set this indicator if the adapter, in contrast to the FTP server, is to use X.509 certificate and public-key cryptography to authenticate itself. The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server.
There are many blogs and questions already answered on the same.
https://answers.sap.com/questions/5716742/how-to-configure-certificates-for-ftps.html
https://blogs.sap.com/2010/04/13/how-to-configure-ftps-in-file-adapter/
Hope it is helpful for you, thank you.
Regards,
Bhaskar.
TrustedCAs is not the right place to put your client certificates. I think, however, the OP really doesn't do mutual / client certificate based authentication in the first place, see my answer for more.
Hi Surya,
You have to add a view and an entry to import the certificate in NetWeaver Administrator. After that you can select and use the certificate in the file adapter.