Skip to Content
0

SAP Passport CA (root certificate) has been updated. Where to put it?

Mar 02 at 09:44 AM

369

avatar image

Recently we’ve received information about certificates update.

https://wiki.hybris.com/

Our scenario is 2) Outbound Communication to External Systems.

We have integration between C4C and CRM through HCI and all C4C Outbound web services are currently using SSL Client Authorization.

Judging from the above article we need to extract SSL Client Certificate and update every iFlow which is consuming C4C Outbound interface.

An unclear part is SAPPassportCA.der – root certificate. Should we install this into HCI key store or somewhere else?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Shivanand Hangaragi
Mar 02 at 11:51 AM
1

Dear Olegs Veliks,

Yes you are right, you need to import new SAP Passport CA into your HCI Keystore, and then download the new M-User certificate from C4C system(Either from Outbound Communication Arrangement OR Administrator>>Communication Certificates>>Download Tenant Certificate) and upload into your IFlows(Sender channel).

Make sure to map this M-User certificate to HCI User.

Regards,

Shivanand B H

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thanks a lot for reply.

My question was only related to C4C Outbound flows. For some reason I cannot see any certificate in Administrator - Communication Certificates. So the only way I can get it is Communication Arrangement.

Can you please clarify why to map M-User certificate to HCI User? Where to do this? In HCI Manage Certificate-to-User Mappings? Currently we do not have any entry there, but still are able to use certificate based auth.

0

Dear Olegs Veliks,

You should be able to see a button "Download Tenant Certificate" under Administrator>>Communication Certificates. If you are unable to see this button, then you can raise an incident to SAP, and in the meantime you can download it from the arrangement.

M-User certificate is the one which download with these steps, and this is used in HCI IFlow sender channel. However considering there will be many IFlows so uploading the certificate to every one of them may be time consuming, hence the short cut would be assign this certificate to an user in HCI(Manage Certificate-to-User Mappings), and use that user id in every IFlow. This may save you lot of time.

For this to work, you need to use "User Role" authentication mode in HCI Sender Channel, and in Externalized Parameters, provide the HCI Artifact name.

Regards,

Shivanand B H

0
Dennis Neubrand Apr 01 at 06:32 PM
0

Hi,

I applied the new SAP passport root CA to the HCI keystore, however all my integration scenarios from C4C to HCI fail with "401 - unauthorized" since today. I also checked the M-certificate from C4C, this did not change, it is still the same than half a year ago or so. Any idea what the issue here might be?

Regards,

Dennis

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Have you updated Sender’s certificates? Take them from Communication Arrangement, import into iFlow sender and redeploy.

0

yes we did this, however the sender certificate was still the same than before. I then reported a very high incident, the result was that SAP had issues with the new certificate, they corrected it in HCI.

0