Skip to Content
0
Former Member
May 05, 2006 at 09:23 PM

Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

68 Views

Hi there,

we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.

1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:

- check whether the SAP Java Crypto Lib is installed in the Web AS;

- generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.

Is that right?

I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).

2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.

But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?

Thanks in advance!