problem with ssl certificate

Former Member
0 Kudos

Hello everyone!

I have a scenario wherein I am trying to connect SRM to a marketsite through XI.

SRM (Purchase Order) ---> XI (marketplace adapter) ---> Marketsite

The URL of the marketsite is of the type HTTPS so I am using certificate logon as the method for authentication.

Please tell me whether this is the right thing to do:

1. Create a self-signed certificate in the "Key Storage" of the visual administrator.

2. Export the certificate and have it installed in the marketsite.

3. Configure the marketplace com. channel in the integration directory to use the private key I used to generate the certificate I sent to the marketsite.

Having done that, I am getting a "server rejected by chain verifier" error in the message monitoring tool.

Here are some other questions:

1. Should I create a new View for the certificate and private key, or should I create the certificate in the existing "service_ssl" and rename the new certificate "ssl-credentials-cert" and the private key "ssl_credentials"?

2. Will a self-signed certificate work, or do I need to get it signed by a CA before importing the response?

3. If a self-signed certificate will work, do I need to add another certificate in the "TrustedCAs" view?

4. If I should import a certificate response from a CA, where can I get the certificate of the CA?

I know these are a lot of questions, but I'd really appreciate all the help I can get from you guys. Please avoid posting links to other threads as I have pretty much read all of them.

Warm regards,

Glenn

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Follow-up question:

If I'm trying to connect to the marketsite, what should the Common Name (CN) be: the hostname of the marketsite, or of the XI server?

warm regards,

glenn

Former Member
0 Kudos

Hi Glenn,

First of all, check if you are able to communicate with the HTTPS Marketsite server with username and password.

The problem is definitely due to the Common Name of the certificate.

XI does a strict name check on the common name of the certificate. If it does not match the server name, it rejects the certificate.

The Common Name of the (Marketsite) certificate must be exactly the same as the host name of the marketsite server.

Once you are able to communicate with the HTTPS server via username/password, you can use cert. logon.

Regards,

Sudharshan N A

Message was edited by:

Sudharshan Aravamudan

Former Member
0 Kudos

Hi Sudharshan,

Thanks for your helpful reply.

I have another question, if I were trying to connect to marketsite with XI, where should I store the marketsite certificate in the Visual Administrator? Is it enough that I put it in the "TrustedCAs" view?

If I should create a new view for it, how do I generate a private key that corresponds to the certificate from marketsite? I can't seem to select the certificate I imported in the Integration repository - it only allows selection of the private key.

Could you explain how this should be set up? SAP support has so far been very unhelpful. 😛

Warm regards,

Glenn

Former Member
0 Kudos

Hi Glenn,

Let me explain the scenario without client certificate logon (user and password) first.

When you want to communicate with marketsite in a secure manner, get the certificate of the CA (Certifying Authority) who has signed the market site cert. and add it to the Trusted CAs view in Visual Admin of XI. Sometimes it may be a CA certificate chain.

If that certificate is self-signed, add the market site certificate itself into Trusted CAs of Vis. Admin of XI.

Certificate Logon:

This is for your (XI server's) identity to Marketsite.

In Visual Admin KeyStorage, create a view, or in any of the existing views create a Private Key and Public Key (Certificate) pair representing the XI server (CN should be the hostname of the XI server). Get the public key signed by a CA and import the certificate in Visual Admin.

Now in Configuration, select the view and the Private Key just created for XI's identity.

PS: There may be some steps in Marketsite too in case of certificate logon, like adding the XI certificate to something like Trusted CAs of Marketsite. You can get a better picture from the guys administrating the Marketsite.

Try these options and post the results in forum.

Good Luck.

Regards,

Sudharshan N A
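
The two checks described in the answers above (an exact common-name match against the host in the channel URL, and which certificate has to be present in TrustedCAs), as an added example that is not part of the original thread and is not SAP's implementation. The function name `diagnose`, the hostnames, the CA name and the trust-store set are all assumptions made for illustration.

```python
# Added example, not SAP code. Certificate dicts use the shape returned by
# Python's ssl.SSLSocket.getpeercert(); every name and value is constructed.

def _name(rdns):
    """Flatten getpeercert()'s nested RDN tuples into {field: value}."""
    return {k: v for rdn in rdns for (k, v) in rdn}

def diagnose(cert, channel_host, trusted_cns):
    """List what would make a client reject this server certificate.

    channel_host: hostname in the channel's HTTPS URL (assumed input).
    trusted_cns:  CNs in the trust store, a stand-in for the TrustedCAs view.
    """
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    findings = []

    # Check 1: exact common-name comparison, as the answer describes it.
    # Deliberately strict: no wildcard or subjectAltName handling.
    cn = subject.get("commonName", "")
    if cn.lower() != channel_host.lower():
        findings.append(f"name mismatch: CN {cn!r} != host {channel_host!r}")

    # Check 2: which certificate has to be trusted. subject == issuer is a
    # heuristic for self-signed; it does not verify the signature.
    self_signed = subject == issuer
    anchor = cn if self_signed else issuer.get("commonName", "")
    if anchor not in trusted_cns:
        what = "server certificate itself" if self_signed else "issuing CA certificate"
        findings.append(f"untrusted: import the {what} ({anchor!r})")
    return findings

# Constructed sample certificates.
CA_SIGNED = {
    "subject": ((("commonName", "marketsite.example.com"),),),
    "issuer": ((("organizationName", "Example Trust"),),
               (("commonName", "Example Root CA"),)),
}
SELF_SIGNED = {
    "subject": ((("commonName", "marketsite.example.com"),),),
    "issuer": ((("commonName", "marketsite.example.com"),),),
}

if __name__ == "__main__":
    for label, cert, host, trusted in [
        ("CA-signed, IP in URL", CA_SIGNED, "10.0.0.5", {"Example Root CA"}),
        ("self-signed, empty trust store", SELF_SIGNED, "marketsite.example.com", set()),
    ]:
        print(label, "->", diagnose(cert, host, trusted) or "ok")
```
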