on 01-18-2018 5:56 AM
Hi Experts
We are trying certificate based communication between HCI and ECC.
Steps we followed so far:
1. Exported HCI certifcates(complete chain root/intermediate/server) from keystore
2. ECC basis added these 3 to STRUST following the blog
ECC should trust HCI as a Server: HCI is the server for ECC, and the
HCI Server Root Certificate has to be imported to STRUST in
ECC. HCI Worker
node URL has the certificate chain which should be imported in STRUST – SSL
Client. The Root of the certificate chain is sufficient for this – in case you
get errors, you can import the Intermediate as well as shown below
We are getting 401 unauthorized error when we are trying to hit ECC from HCI
Its a new thing for us, any help would be appreciated.
Regards
Naina
If you are using SAP Cloud Connector for integration scenarios keep in mind that Certificate based authentication is not supported you should use http as a the transfer protocol, the on premise proxy type and Basic as the Authentication to communicate with the SAP ECC using a communication user from the erp with the corresponding authorizations.
Keep in mind that the SAP Cloud Connector also requires some configuration paths for the on premise system that was configured to allow communication to the ERP, otherwise, it will not allow you to send information.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
no its not
we are suing hCC in between, does the Certificate based changes between HCI to ECC if HCC is involved
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If there is a reverse proxy or HCC which receives the request from HCI then the root certificate of HCI should be placed in the trust store of the proxy server (HCC).
User->Certificate mapping is also required using HCI Client certificate that comes with the provisioning Mail. It will be done in your ECC system.
Thanks,
Ashish
Ashish
Is ECC and HCC interchanged here in fist and second statement
If there is a reverse proxy or HCC which receives the request from HCI then the root certificate of HCI should be placed in the trust store of the proxy server (HCC).
User->Certificate mapping is also required using HCI Client certificate that comes with the provisioning Mail. It will be done in your ECC system.
As User->Certificate mapping as far as i know is done in HCC only not ECC. Kindly clear the confusion.
Naina
No, not replaced.
Check this page 8 : https://archive.sap.com/kmuuid2/001bd1e2-db9b-3110-bd9a-eb5657f54e57/How%20to%20Set%20Up%20SAP%20Web...
Also check this blog. It explains in detail.
Thanks,
Ashish
Hi Naina,
Is your ECC system accessible from HCI directly? Usually CPI (Cloud) to On-Premise connectivity is through Hana Cloud connector which act as reverse proxy. Please check that first.
Thanks,
Ashish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you done this step?
HCI should have this Signed ECC Client Certificate in its iFlows
you have to add the ECC client certificate into the iflow.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That is correct. I got confused seeing this text
ECC should trust HCI as a Server: HCI is the server for ECC,and the
HCI Server Root Certificate has to be imported to STRUST in
ECC. HCI Worker
node URL has the certificate chain which should be imported in STRUST – SSL
Client. The Root of the certificate chainis sufficient for this –incase you
geterrors, you can import the Intermediate as well as shown below
HCI to ECC case, HCI is client and ECC is server.
You have to check section"2. HCI is the Client and ECC is the server" in above you mentioned blog.
additionally check this also for SCC config.
https://blogs.sap.com/2016/03/03/a-simple-hci-to-sap-cloud-connector-to-on-premise-scenario/
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.