Skip to Content
avatar image
Former Member

HCI to ECC - certificate based authentication

Hi Experts

We are trying certificate based communication between HCI and ECC.

Steps we followed so far:

1. Exported HCI certifcates(complete chain root/intermediate/server) from keystore

2. ECC basis added these 3 to STRUST following the blog

https://blogs.sap.com/2015/03/24/quick-guide-on-using-certificates-for-integrating-c4c-and-ecc-using-hci/

 ECC should trust HCI as a Server: HCI is the server for ECC, and the
HCI Server Root Certificate has to be imported to STRUST in
ECC.  HCI Worker
node URL has the certificate chain which should be imported in STRUST – SSL
Client. The Root of the certificate chain is sufficient for this – in case you
get errors, you can import the Intermediate as well as shown below

We are getting 401 unauthorized error when we are trying to hit ECC from HCI

Its a new thing for us, any help would be appreciated.

Regards

Naina

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Jan 18 at 10:51 AM

    Have you done this step?

    HCI should have this Signed ECC Client Certificate in its iFlows


    you have to add the ECC client certificate into the iflow.

    Add comment
    10|10000 characters needed characters exceeded

    • That is correct. I got confused seeing this text

      ECC should trust HCI as a Server: HCI is the server for ECC,and the
      HCI Server Root Certificate has to be imported to STRUST in
      ECC.  HCI Worker
      node URL has the certificate chain which should be imported in STRUST – SSL
      Client. The Root of the certificate chainis sufficient for this –incase you
      geterrors, you can import the Intermediate as well as shown below

      HCI to ECC case, HCI is client and ECC is server.

      You have to check section"2. HCI is the Client and ECC is the server" in above you mentioned blog.

      additionally check this also for SCC config.

      https://blogs.sap.com/2016/03/03/a-simple-hci-to-sap-cloud-connector-to-on-premise-scenario/

  • Jan 19 at 05:42 AM

    Hi Naina,

    Is your ECC system accessible from HCI directly? Usually CPI (Cloud) to On-Premise connectivity is through Hana Cloud connector which act as reverse proxy. Please check that first.

    Thanks,

    Ashish

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 22 at 05:40 AM

    no its not

    we are suing hCC in between, does the Certificate based changes between HCI to ECC if HCC is involved

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 04 at 06:21 AM

    If you are using SAP Cloud Connector for integration scenarios keep in mind that Certificate based authentication is not supported you should use http as a the transfer protocol, the on premise proxy type and Basic as the Authentication to communicate with the SAP ECC using a communication user from the erp with the corresponding authorizations.

    Keep in mind that the SAP Cloud Connector also requires some configuration paths for the on premise system that was configured to allow communication to the ERP, otherwise, it will not allow you to send information.

    Add comment
    10|10000 characters needed characters exceeded