on 11-01-2017 2:03 PM
Hi All
I am having difficulty understanding how to upload the .cer certificate to HCI keystore as it only accepts .jks or jkes format there, i tried saving the same file as .jks but of no help.
Kindly add some light to it
Thanks a lot
Naina
Hello Naina,
You willnot be able to upload the certificates like earlier directly from Eclipse by appending certificates to System.jks. Now you have to follow below steps in WEBUI
Blog 1: ( to Get overview of how to generate JKS file )
Blog 2: ( How to upload JKS to CPI tenant via WEBUI and Make your scenario working)
Blog 3: ( How to take up backup of certificates via WEBUI )
https://blogs.sap.com/2017/08/14/cloud-integration-backuprestore-using-keystore-monitor/
Let me know if you still find any difficulties with certificates.
Regards,
Sriprasad Shivaram Bhat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sriprasad
I need a major help here.
My client has only provided an sha384RSA 2048 certificate with pkcs padding(.cer). They say it should be used for encryption in HCI as a MLS. Also they asked to used Base 64 encoding after the encryption is done.
They have not provided any public key or anything apart from that.
So for TLS i downloaded the public certificates from their website and that works fine.
Also i used keystore explorer to add this .cer to newly created java keystore and added to my HCI keystore
https://******.ap1.hana.ondemand.com/itspaces/shell/monitoring/Keystore
It is not encrypting by itself.
What should be the next step to call their .cer(sha384RSA 2048 certificate with pkcs padding) in my scenario.
Its very urgent and i am not able to find any solution to this.
Please help me with this.
Regards
Naina
In HCI you need to create a Java Key Store. Don't rename the certificate that is invalid.
Check these blogs: HCI Certificates.
And also please tag your query to HCI.
Br,
Manoj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Naina,
You need to use the .cer file provided by your 3rd party in the Public key alias of PKCS7 encryptor. And to upload this .cer file to keystore, you need to create a .jks file. You can use the system.jks file if you know the password of it, else create a new .jks file and upload it to HCI keystore.
You can use keystore explorer to add the .cer file. Once uploaded use the alias of .cer file in PKCS7 encryptor.
Regards,
Nitin Deshpande
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
manoj
need urgent help...please share ur email ID
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Naina,
MLS-Message Level Security is concept to encrypt/sign the outgoing message using the third party provided certificate(encryption) or using own private key(signing)
So as you already have the third party certificate so using that you need to encrypt the message in HCI ,i believe you are using SOAP adapter so you need to select WS-Security and configure accordingly.
Sorry, currently i don't have HCI tenant access to provide you the screenshot.
Can you follow me so that i can message you personally.
Br,
Hi Manoj
Followed....
I have a basic question from you as i am doing MLS first time in HCI..
i have client's .cer certificate where he has used
So what i did is i tried downloading systm.jks from deployed artifacts but the download button is disabled...so i used keystore explorer to create a new keystore of type .jks and added client's certificate(.cer) along with client's public certificate that i downloaded from their site.
****Client is using JSON post so i am using HTTP adapter in HCI...scenario is like i am pushing JSON data from postman tool to HCI and HCI calls client's URL to post data into their system. Client wants the data to be encrypted using their .cer certificate and then they will decrypt using their private key.
So next step i tried is using PKCS7Encryptor of HCI to use the certificate using its alias from HCI keystore but its of no use.
Anything that i am missing to incorporate MLS here.
or is it that system.jks should be downloaded only from deployed artifacts.
Also the certificate of HCI i have doesnt contain private key....how to get that manoj
I'll be really greateful if u can help.
As per the blog there is no restriction to use the existing system.jks keystore . You can create your own keystore as well
To add the root certificate of the receiver systems private key, open an existing keystore in Keystore Explorer or create a new keystore. Easiest is to just create a new one, select JCEKS as type for the new keystore.
I am not sure if HTTP has inbuild MLS feature, if not then have to go for script .
And the private key for your tenant would be usually sent in the initial mail from SAP with your tenant/management/runtime URL , however, you can create a new pair as well . link
Please re-tag your query to : SAP Cloud Platform Integration for process services
Hi Manoj
I can see ssytem.jks in deployed artifacts and i want to download it in order to add .cer certificate to it but the field is disabled there.
Can i create a fresh keystore using keystore explorer tool and add cert to it and upload. will it work.
Kindly help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.