Skip to Content
0

Certificate Upload

Feb 07 at 12:46 PM

42

avatar image

Hi SDNites,

I am working on integration between SAP cloud Platform Integration and S4HANA cloud and found it is working using basic authention but if I want to get it integrated using certificate based authentication, can you please guide me,

1. Who generates the Key pair for SAP cloud Platform Integration and who maintains it in case of it being expired. If it is SAP how can I find the Private key and also download the public key to be shared with S4HANA cloud or any 3rd party.

2. Who generates the key pair for S4HANA Cloud and who maintains it in case of it being expired. If it is SAP how can I find the Private key and also download the public key to be shared with S4HANA cloud or any 3rd party.

Also the public key provided by 3rd party will be uploaded manually in keystore by administrator (Not SAP). How will this be linked to Communication channel. Same is for Private key as well.

Regards,

Abhi

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Ivan Mirisola
Feb 07 at 07:52 PM
0

Hi Abhi,

1) If it is a SAP related system certificate, than SAP will update it. Since SCP-CI is a subscribed app and the provider is SAP itself, whenever there is an updated certificate it will reflect all instances that subscribe to this application. You could manage/download any certificate stored on the keystore using this path "/itspaces/shell/monitoring/Keystore" of your "tmn" application url. (i.e: https:// - tmn.avt.us1.hana.ondemand.com/itspaces/shell/monitoring/Keystore)

2) All S4Hana Cloud system integrations need to go thru API Business Hub. The way I see this is that you would need an API key and the trust the certificate from your api landscape URL. Then call the relevant OData service with the API Key. When you open a service definition (need to be logged on to the api business hub), the system will have an API Key button to generate one for you and also a button to generate the related code to call the service.

3) The communication channel will use the certificate alias name you entered while uploading the certificate to the keystore.

Side note: private keys are not shareable, thus no need to bother about them as they are needed only while encrypting the HTTP channel. And this is done automatically by the platform. All certificates needed for the communication channel of a receiver system need to be the ones related to the public key that is embbeded into the server certificate - the same ones used by your browser.

Regards,
Ivan

Share
10 |10000 characters needed characters left characters exceeded