
SAP Passport CA (root certificate) has been updated. Where to put it?

0 Kudos

Recently we’ve received information about a certificate update.

https://wiki.hybris.com/

Our scenario is 2) Outbound Communication to External Systems.

We have integration between C4C and CRM through HCI and all C4C Outbound web services are currently using SSL Client Authorization.

Judging from the above article, we need to extract the SSL Client Certificate and update every iFlow which is consuming a C4C Outbound interface.

An unclear part is SAPPassportCA.der – the root certificate. Should we install this into the HCI key store or somewhere else?

Accepted Solutions (1)

ShivanandBH
Product and Topic Expert

Dear Olegs Veliks,

Yes, you are right: you need to import the new SAP Passport CA into your HCI Keystore, and then download the new M-User certificate from the C4C system (either from the Outbound Communication Arrangement or Administrator >> Communication Certificates >> Download Tenant Certificate) and upload it into your IFlows (Sender channel).

Make sure to map this M-User certificate to HCI User.

Regards,

Shivanand B H

0 Kudos

Thanks a lot for the reply.

My question was only related to C4C Outbound flows. For some reason I cannot see any certificate in Administrator - Communication Certificates. So the only way I can get it is from the Communication Arrangement.

Can you please clarify why the M-User certificate should be mapped to an HCI User? Where do we do this? In HCI Manage Certificate-to-User Mappings? Currently we do not have any entry there, but are still able to use certificate-based auth.

ShivanandBH
Product and Topic Expert
0 Kudos

Dear Olegs Veliks,

You should be able to see a button "Download Tenant Certificate" under Administrator >> Communication Certificates. If you are unable to see this button, then you can raise an incident with SAP, and in the meantime you can download it from the arrangement.

The M-User certificate is the one which you download with these steps, and it is used in the HCI IFlow sender channel. However, considering there will be many IFlows, uploading the certificate to every one of them may be time-consuming; hence the shortcut would be to assign this certificate to a user in HCI (Manage Certificate-to-User Mappings) and use that user ID in every IFlow. This may save you a lot of time.

For this to work, you need to use "User Role" authentication mode in HCI Sender Channel, and in Externalized Parameters, provide the HCI Artifact name.

Regards,

Shivanand B H

Answers (1)


0 Kudos

Hi,

I applied the new SAP Passport root CA to the HCI keystore; however, all my integration scenarios from C4C to HCI have been failing with "401 - unauthorized" since today. I also checked the M-certificate from C4C; this did not change, it is still the same as half a year ago or so. Any idea what the issue here might be?

Regards,

Dennis

0 Kudos

Have you updated the Sender’s certificates? Take them from the Communication Arrangement, import them into the iFlow sender and redeploy.

0 Kudos

Yes, we did this; however, the sender certificate was still the same as before. I then reported a very high incident; the result was that SAP had issues with the new certificate, and they corrected it in HCI.