on 05-16-2006 3:15 PM
hi,
am connecting to a HTTPS URL - receiver adapter.
So do i have to install the external company's certificate in XI Server?
thanks,
tirumal
Hi tirumal,
If you use XI as an https client, you have to TRUST your external partner server certificate that he will sent to you ( automatically during the SSL handshake procedure.
This means you have to add his CA ( certification authority ) hierarchy in the list of your Trusted CA's of the 'keystore' J2EE service ( via the Visual Administration Tool ) or on in the ABAP STRUST transaction depending from where you call the client ( Java or ABAP side )
Hope it helps
regards
Dirk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PS It could be that your external partner uses an public CA authority ( e.g. Verisign ) and then you can use e.g. the certificate you will find in your browser for Verisign to import in the keystore service.
Otherwise you indeed need to first ask him a server certificate and install in in the trusted CA's
rgds
Dirk
Hi Dirk -
thanks for the response.
Yes i will be using XI as https client.
Question based on your first response...
"depending from where you call the client ( Java or ABAP side )"...how would i know from where i am calling.
I will be calling the HTTPS from the Integration Directory using HTTP Adapter. So should be using ABAP.
Correct me.
Question based on your second response...
how can i know/determine whether the external partner uses public CA or not?
Thanks,
Tirumal
Hi Tirumal,
No all XI adapters ( also HTTP -- except IDOC I believe -- ) run on the J2EE framework and you have to use the J2EE keystore to manage certificates that you use in the adapters.
IF you can https the external URL in your browser you will normally see the SSL secured icon in the browser status bar ( and your browser might request you to trust the server depending upon your security settings and the server certifiacte ) : if you double click this icon ( in IE ) you see the server certificate with all the details you need and you can export it to file ( also the CA hierarchy certificates ) and import them XI as needed
rgds
Dirk
Dirk -
After importing the certificate forgot to restart the ICM->exit soft option.
I executed this option and finally i am able to get the response for the SM59 "Test connection" which is status code of 200.
I will need to test this option with real xml payload.
You have really helped me solve the issue.
Thanks,
Tirumal
Hi Hui,
you should use transaction SMICM, and there - Administration, ICMAN, Exit Soft,
regards
Anna
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.