cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificates and Keystore in SAPPI

former_member637026
Participant

on ‎02-05-2020 6:16 PM

0 Kudos

Hi experts,

SAP PI Version 7.1

>We have a scenario: SAP>PI>External system(FTPS)

>For receiver system which is an external system/third party system, we are using FTPS receiver channel and for authentication we have got username, password and x.509 certificate from the third party system.

>I have imported the x.509 certificate in TrustedCAs.

>When I lookup for Keystore in below configuration, I see only 4-5 entries, whereas in NWA - Certificates and Keystore there are many views available. Why is it that I am seeing only 4-5 entries when in fact NWA has got many keystore views?Even the TrustedCAs is not visible here?

Any inputs would be helpful.

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

JaySchwendemann
Active Contributor
‎02-05-2020 7:08 PM
0 Kudos

I thought we've already been there? https://answers.sap.com/questions/12947963/ftps-channel-configuration-queries.html 😉

You will not see TrustedCAs because that's the keystore view where you put Certification Authorities Public Keys / Certificates that your PI system should trust. Much like your Browser has a built in trust store.

we have got username, password and x.509 certificate from the third party system

Yeah, and that's why I strongly feel you are not doing mutual authentication / client certificated based authentication. You only got the FTPS Server's certificate.

IF(!!!) you really did mutual authentication you would need a client certificate (and PI would need to hold the private key for that). Normally you would then create an CSR from out PI, get that CSR signed (by a trusted CA or by the FTPS server for self signed) and then end up with a private key and public key (read client certificate) stored in some PI keystore view other than TrustedCAs. You would then specify this view and the certificate alias similar the way you did within Receiver FTP channel

Bottom Line: The reason you are cannot get this flying is by near certainty not a missing client certificate authentication but probably implict FTPS (see https://answers.sap.com/questions/12965043/ftps-channel-error.html)

Show replies
Show replies
Ask a Question