Skip to Content
Mar 09 at 07:23 PM

SAP CPI : Inbound Client Certificate Authentication, Cloud Foundry Environment

1426 Views Last edit Mar 09 at 10:33 PM 2 rev

We followed the following SAP documentation:

Inbound Client Certificate Authentication

Sender system provided the certs to be imported into the Service Key of the runtime Service Instance. We tried to merge the certificates (root, intermediate, server) under one 'BEGIN CERTIFICATE' and 'END CERTIFICATE' and tried to import this into the Service Key but got an error. So we created one Service Key for each certificate( Don't think this will work but still ).

Sender system also imported the CPI Load Balancer Server Root certificate into it's key store. As per the documentation, we have completed all the steps required for this communication. However, sender system is getting 401 error.

When the sender systems tried the basic authentication, it works, so the problem is with the certificate based auth.

Following section in the SAP documentation is where I think we might be having some issues:

"Only root certificates are being imported into the load balancer keystore. Therefore, the whole certificate chain must be assigned to the certificate to enable the connected component to evaluate the chain of trust."