
configuring SFTP adapter in SAP PO/PI with RSA keypair but using existing key file

kimmo_sirpoma
Participant
0 Kudos

We need to connect our SAP PO system (NW 7.40) to external system that has SFTP-server using RSA keypair authentication method.

I have searched SAP support portal already extensively but not yet found a solution meeting our requirements. To name a few I have visited:

2465821 - How to connect SAP PI to SFTP server via RSA keys (this has 3 links located in wiki or how-to-guides)

https://archive.sap.com/discussions/thread/3445225

All blogs seen so far are about creating the key inside SAP PI/PO.

But in our case, we already have a Private key file let's call it sftp.key, made by same company itself but from a non-SAP system.

The file we have has this kind of content:

-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAxVBI+ca/sP....-----END RSA PRIVATE KEY-----

The SFTP-server we are about to use, requires as authentication method username + RSA keypair.

In PO this would mean, that in SFTP channel configuration we need to use as authentication method 'Private key' and provide 'private key view' and 'private key entry'.

In NWA keystore, we had created a new keystorage view let's call it SFTP_TEST.

If we then try to use button 'Import file' and choose PKCS#12, we get a popup enabling us to browse and choose the file we have (sftp.key), but the popup asks for a MANDATORY password for decrypting, which we don't know, and we think the creator of the key file did not use any password.

We also tried other file types: PKCS#8 or X509, but they lead to errors.

We know this existing key file is working outside SAP environments. If we use any Sftp-client and try to connect to that external SFTP-site and provide username and the given key-file, we manage to access the SFTP-server successfully.

QUESTION: So how can we use the given existing private key file to be able to upload it to the PO keystore?

Please be aware that, although we are aware how to create private keys inside PO (following the found blogs), don't even imagine asking the SFTP-server owner to upload any keys on their OS-level as some blogs suggest. The procedure with the SFTP-server organization goes like this:

1) We create a CSR request in our company (this happens currently in a non-SAP system although we know how to do this in PO as well)

2) We send (from non-SAP system) the CSR request to external partner owning the SFTP-server.

3) external partner sends us their unique Certificate (yes, certificate, not just keys) which is specific to our CSR. They also provide the sftp username. The partner says, that sftp-authentication would be based on public and private keys, the certificate is made from. So by providing our CSR, they got to know our public key.

4) our non-SAP system provides the private key as single file (don't know how the non-SAP system generates this key)

The SFTP-server requires to use RSA keypair authentication mechanism.

As said, accessing the SFTP-server with any SFTP-client works well with the given key-file, but we are not able to upload it to SAP PO keystore as private key.
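An added example, not part of the original post: one way to wrap an unencrypted PEM key like sftp.key, together with the certificate issued for the CSR, into a password-protected PKCS#12 file, which is the format the import dialog described above asks for. The file names, alias and password are constructed, the key and certificate are throwaway stand-ins generated on the spot, and whether the NWA import accepts the resulting file is an assumption that nothing in this thread confirms.

```bash
#!/usr/bin/env bash
# Added example: wrap an existing unencrypted PEM key and its certificate in a
# password-protected PKCS#12 file. All names and the password are constructed.
set -eu
umask 077   # key material: files readable by the owner only

# key_matches_cert KEY CERT -> 0 when both carry the same RSA modulus,
# 2 when a file is unreadable (including a passphrase-protected key).
key_matches_cert() {
  local k c
  k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
  [ "$k" = "$c" ]
}

# make_p12 KEY CERT OUT ALIAS ; the new container password comes from $P12_PASS
# so it never appears on a command line.
make_p12() {
  local key="$1" cert="$2" out="$3" alias="$4"
  : "${P12_PASS:?export P12_PASS with the new PKCS#12 password}"
  key_matches_cert "$key" "$cert" ||
    { echo "certificate does not belong to this key (or key unreadable)" >&2; return 1; }
  openssl pkcs12 -export -inkey "$key" -passin pass: -in "$cert" \
    -name "$alias" -out "$out" -passout env:P12_PASS
  # Read the container back with the same password to confirm it is intact.
  openssl pkcs12 -in "$out" -passin env:P12_PASS -noout 2>/dev/null
}

demo() {
  local d
  d=$(mktemp -d)
  # Constructed stand-ins: a throwaway key in place of sftp.key and a
  # self-signed certificate in place of the one issued for the CSR.
  openssl genrsa -out "$d/sftp.key" 2048 2>/dev/null
  openssl req -new -x509 -key "$d/sftp.key" -subj "/CN=sftp-test" -days 1 \
    -out "$d/sftp.crt" 2>/dev/null
  export P12_PASS='constructed-demo-password'
  make_p12 "$d/sftp.key" "$d/sftp.crt" "$d/sftp.p12" sftp_test
  echo "$d/sftp.p12"
}

demo
```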

Accepted Solutions (0)

Answers (2)


kimmo_sirpoma
Participant
0 Kudos

Hi Tanmaya, I am sorry but there's only little I can tell you about the solution. Customer chose alternative solution so we never took this live and forgot to document it. But we indeed got it working. By reading my old mails it sounds that we used PGP for encrypting and...

(excerpt from mails I had received from our developer 2 years ago):

"You are not able to access Key store through filesystem and manage keystore, the only way to manage the keystore is through NWA/Configtool

The Key Storage entries themselves are stored in a distributed database and can be assigned particular access rights using code based security

In order to use RSA and Key pair, we must access through Key store in NWA

To use PGP we must upload and store the file in PO/PI file system."

Hope this helps, I am not able to provide you more information.

former_member622027
Discoverer
0 Kudos

Hi Kimmo,

Do you have the solution for the same? I have a similar issue in one of my requirements.

Regards

Tanmaya