cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

unable to hit a tenant using client certification Authentication.

former_member703923
Explorer

on ‎05-21-2021 1:30 PM

0 Kudos

Hello Everyone,

I'm trying to hit a SAP CPI tenant from my SAP CPI tenant using client certificate authentication via SOAP adapter but getting error while hitting the other tenant : Message processing failed.

Error Details Could not send Message., cause: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with https://******.it-cpitrial-rt.cfapps.us10.hana.ondemand.com/cxf/test1.

Basic Authentication is working fine but i would like to establish the same using client certificate based authentication.
I generated my tenant certificate from connection test tab and shared the certificate. Same has been installed in the other tenant keystore and the other tenant's certificate also been installed in my tenant. But getting Unauthorized error.

If i do a connection test to hit the other tenant using TLS and check the option of authenticate with client certificate. Im getting the below error :

Successfully reached host at ***.it-cpitrial.cfapps.us10.hana.ondemand.com:443 but client certificate was not used.

Please help if you feel if i missed something.

BR, MANI

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Sriprasadsbhat
Active Contributor
‎05-21-2021 1:38 PM

Hello Mani,

Please refer below blog and you need to perform certain setup in CF account for certificate based authentication.

Refer section " Configurations on Cloud Integration Tenant in CF" in below blog

https://blogs.sap.com/2019/08/14/cloud-integration-on-cf-how-to-setup-secure-http-inbound-connection...

Regards,

Sriprasad Shivaram Bhat

Show replies
Show replies
manoj_khavatkopp
Active Contributor
‎05-21-2021 2:00 PM

Hi Mani,

Looks like you are using CF trail account. and Note Cert-based auth does not work in CF trial account, as the tenant does not have sap_cloudintegrationcertificate in the Keystore.

Thanks,

Manoj

Show replies
Show replies
former_member703923
Explorer
‎05-21-2021 2:03 PM
0 Kudos

Hi Manoj,

Thanks for the reply. Is there any provision in trail CF to create sap_cloudintegrationcertificate in the keystore ?

manoj_khavatkopp
Active Contributor
‎05-21-2021 2:10 PM
0 Kudos

As far as i know, there is no such plan for trial. Even though you generate an SSL key pair in tenant you can use that for outbound but for inbound you would need sap_cloudintegrationcertificate .

former_member703923
Explorer
‎05-21-2021 2:17 PM
0 Kudos

Thanks for the reply.
As per the below blog if we add the snippet 

{
    "grant-types": ["client_x509"]
}

in service instance in BTP cockpit, then its possible for client based authentication. we need to add the snippet while creating the service instance in Process Integration.

(BLOG)https://blogs.sap.com/2019/08/14/cloud-integration-on-cf-how-to-setup-secure-http-inbound-connection-with-client-certificates/

manoj_khavatkopp
Active Contributor
‎05-21-2021 2:32 PM
0 Kudos

Creation of Service instance/ key works in trial . but when you do an end to end connectivity it fails. Referring to the same blog , pfb.

Ask a Question