Skip to Content

SAP Passport CA (root certificate) has been updated. Where to put it?

Recently we’ve received information about certificates update.

https://wiki.hybris.com/

Our scenario is 2) Outbound Communication to External Systems.

We have integration between C4C and CRM through HCI and all C4C Outbound web services are currently using SSL Client Authorization.

Judging from the above article we need to extract SSL Client Certificate and update every iFlow which is consuming C4C Outbound interface.

An unclear part is SAPPassportCA.der – root certificate. Should we install this into HCI key store or somewhere else?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Mar 02 at 11:51 AM

    Dear Olegs Veliks,

    Yes you are right, you need to import new SAP Passport CA into your HCI Keystore, and then download the new M-User certificate from C4C system(Either from Outbound Communication Arrangement OR Administrator>>Communication Certificates>>Download Tenant Certificate) and upload into your IFlows(Sender channel).

    Make sure to map this M-User certificate to HCI User.

    Regards,

    Shivanand B H

    Add comment
    10|10000 characters needed characters exceeded

    • Dear Olegs Veliks,

      You should be able to see a button "Download Tenant Certificate" under Administrator>>Communication Certificates. If you are unable to see this button, then you can raise an incident to SAP, and in the meantime you can download it from the arrangement.

      M-User certificate is the one which download with these steps, and this is used in HCI IFlow sender channel. However considering there will be many IFlows so uploading the certificate to every one of them may be time consuming, hence the short cut would be assign this certificate to an user in HCI(Manage Certificate-to-User Mappings), and use that user id in every IFlow. This may save you lot of time.

      For this to work, you need to use "User Role" authentication mode in HCI Sender Channel, and in Externalized Parameters, provide the HCI Artifact name.

      Regards,

      Shivanand B H

  • Apr 01 at 06:32 PM

    Hi,

    I applied the new SAP passport root CA to the HCI keystore, however all my integration scenarios from C4C to HCI fail with "401 - unauthorized" since today. I also checked the M-certificate from C4C, this did not change, it is still the same than half a year ago or so. Any idea what the issue here might be?

    Regards,

    Dennis

    Add comment
    10|10000 characters needed characters exceeded

    • yes we did this, however the sender certificate was still the same than before. I then reported a very high incident, the result was that SAP had issues with the new certificate, they corrected it in HCI.