cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HCI to ECC - certificate based authentication

Former Member

on ‎01-18-2018 5:56 AM

0 Kudos

Hi Experts

We are trying certificate based communication between HCI and ECC.

Steps we followed so far:

1. Exported HCI certifcates(complete chain root/intermediate/server) from keystore

2. ECC basis added these 3 to STRUST following the blog

https://blogs.sap.com/2015/03/24/quick-guide-on-using-certificates-for-integrating-c4c-and-ecc-using...

 ECC should trust HCI as a Server: HCI is the server for ECC, and the
HCI Server Root Certificate has to be imported to STRUST in
ECC.  HCI Worker
node URL has the certificate chain which should be imported in STRUST – SSL
Client. The Root of the certificate chain is sufficient for this – in case you
get errors, you can import the Intermediate as well as shown below

We are getting 401 unauthorized error when we are trying to hit ECC from HCI

Its a new thing for us, any help would be appreciated.

Regards

Naina

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

kei_torres
Discoverer
‎04-04-2018 7:21 AM
0 Kudos

If you are using SAP Cloud Connector for integration scenarios keep in mind that Certificate based authentication is not supported you should use http as a the transfer protocol, the on premise proxy type and Basic as the Authentication to communicate with the SAP ECC using a communication user from the erp with the corresponding authorizations.

Keep in mind that the SAP Cloud Connector also requires some configuration paths for the on premise system that was configured to allow communication to the ERP, otherwise, it will not allow you to send information.

Show replies
Show replies
Former Member
‎01-22-2018 5:40 AM
0 Kudos

no its not

we are suing hCC in between, does the Certificate based changes between HCI to ECC if HCC is involved

Show replies
Show replies
ashish_goel4
Active Participant
‎01-22-2018 11:57 AM

If there is a reverse proxy or HCC which receives the request from HCI then the root certificate of HCI should be placed in the trust store of the proxy server (HCC).

User->Certificate mapping is also required using HCI Client certificate that comes with the provisioning Mail. It will be done in your ECC system.

Thanks,

Ashish

Former Member
‎01-22-2018 1:04 PM
0 Kudos

Ashish

Is ECC and HCC interchanged here in fist and second statement

If there is a reverse proxy or HCC which receives the request from HCI then the root certificate of HCI should be placed in the trust store of the proxy server (HCC).

User->Certificate mapping is also required using HCI Client certificate that comes with the provisioning Mail. It will be done in your ECC system.

As User->Certificate mapping as far as i know is done in HCC only not ECC. Kindly clear the confusion.

Naina

ashish_goel4
Active Participant
‎01-23-2018 9:41 AM
0 Kudos

Also check this blog. It explains in detail.

https://blogs.sap.com/2016/03/30/hci-integrate-on-premise-erp-with-hci-idoc-adapter-using-hana-cloud...

Thanks,

Ashish

ashish_goel4
Active Participant
‎01-19-2018 5:42 AM
0 Kudos

Hi Naina,

Is your ECC system accessible from HCI directly? Usually CPI (Cloud) to On-Premise connectivity is through Hana Cloud connector which act as reverse proxy. Please check that first.

Thanks,

Ashish

Show replies
Show replies
Muniyappan
Active Contributor
‎01-18-2018 10:51 AM
0 Kudos

Have you done this step?

HCI should have this Signed ECC Client Certificate in its iFlows


you have to add the ECC client certificate into the iflow.

Show replies
Show replies
Former Member
‎01-22-2018 5:43 AM
0 Kudos

Hi MUni

Its HCI to ECC, what i learnt is that certificate should be HCI iflow in case of ECC to HCI

Naina

Muniyappan
Active Contributor
‎01-22-2018 6:11 AM

That is correct. I got confused seeing this text

ECC should trust HCI as a Server: HCI is the server for ECC,and the
HCI Server Root Certificate has to be imported to STRUST in
ECC.  HCI Worker
node URL has the certificate chain which should be imported in STRUST – SSL
Client. The Root of the certificate chainis sufficient for this –incase you
geterrors, you can import the Intermediate as well as shown below

HCI to ECC case, HCI is client and ECC is server.

You have to check section"2. HCI is the Client and ECC is the server" in above you mentioned blog.

additionally check this also for SCC config.

https://blogs.sap.com/2016/03/03/a-simple-hci-to-sap-cloud-connector-to-on-premise-scenario/

Ask a Question