This weblog describes how to attach a digital signature to a message and encrypt it when the message is sent out using the mail adapter.

1. How to create a digital certificate in XI?

Log in to the Visual Admin tool in XI and select Service node -> Key storage -> TrustedCAs from the list of nodes.

In the Entry section, select the “Create” button to generate a new digital certificate.
If you already have a certificate, you can import it using the “Load” option.

Enter the required information when you create the digital certificate.

After entering the required information, select the “Store Certificate” check box and press the “Generate” button to generate the certificate.
The generated certificate is not yet trusted. External organizations can make certificates trusted.
We can also get certificates trusted by SAP.
SAP also provides trial certificates, which are valid for 8 weeks.

To get the certificate trusted by an external organization, place the cursor on the certificate you have created and
select the “Generate CSR request” button. The system will ask for the name of the file in which to store the request.

Open the file using Notepad and copy the content.

To get the trial certificate from SAP, log on to the Service Marketplace using the following URL:
http://service.sap.com/tcs

Select the option SSL Test Server Certificates.

Select the “Test it now” button, copy the content of the client certificate request from the file, paste
it in the space provided, and press Continue.

SAP will generate the test certificate. Copy its content into a text file.

Import the test certificate using the “Import CSR Response” option.

Now the certificate is trusted. We need to distribute the public key to the partners with whom we want to collaborate.

2. How to use digital certificates in XI?
While creating the communication channel for the mail adapter, select the S/MIME button.

In the receiver agreement, enter the following parameters:

Security Profile: Sign & Encrypt
Enter the certificate for Signature
Enter the certificate for Encryption

These are the steps involved in configuring digital signature and encryption for the mail adapter.
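What the Sign & Encrypt profile does with the two certificates, reproduced outside XI with the OpenSSL command line: the sender signs with its own private key and encrypts to the partner's public certificate. This is an added example, not part of the original weblog and not XI's own implementation; the party names, message text and throwaway self-signed certificates are constructed, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example. Party names, the message and the throwaway self-signed
# certificates are constructed; real partners would use CA-issued certificates.
WORK=$(mktemp -d)

# Create a private key and self-signed certificate for one party ($1 = name).
make_party() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: sign with the sender's private key, then encrypt the signed
# message to the partner's public certificate. $1 = input, $2 = output.
sign_and_encrypt() {
    openssl smime -sign -text -in "$1" \
        -signer "$WORK/sender.crt" -inkey "$WORK/sender.key" |
    openssl smime -encrypt -aes256 -out "$2" "$WORK/partner.crt"
}

# Receiver: decrypt with the private key of party $1, then verify the
# signature against the sender's certificate. Prints the recovered text;
# returns non-zero if either step fails. $2 = encrypted file.
decrypt_and_verify() {
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$WORK/signed.eml" 2>/dev/null || return 1
    openssl smime -verify -text -in "$WORK/signed.eml" \
        -CAfile "$WORK/sender.crt" -out "$WORK/plain.txt" 2>/dev/null || return 1
    tr -d '\r' < "$WORK/plain.txt"   # S/MIME canonicalises line ends to CRLF
}

make_party sender
make_party partner
printf 'Invoice 4711 approved\n' > "$WORK/msg.txt"
sign_and_encrypt "$WORK/msg.txt" "$WORK/mail.p7m"

echo "partner reads: $(decrypt_and_verify partner "$WORK/mail.p7m")"
# Only the partner's private key opens the message; the sender's does not.
decrypt_and_verify sender "$WORK/mail.p7m" || echo "sender key: decryption refused"
```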

6 Comments

  1. Jian Yang
    Hi, could you please explain a little about the key used for the encryption? Where the key is coming from etc…

    Thanks,

    1. Varadharajan Krishnasamy Post author
      Hi,
         When you want to encrypt a message, you need to get the public key from the partner, import it into XI, and use it in the Receiver agreement. The Receiver will be using the private key to decrypt the message.
  2. Henrique Pinto
    Hey V,

    nice overview on keystore for digital signatures.

    However, I don’t think it is a good idea to maintain your end certificate in the Trusted CAs view. It is intended for the Certification Authorities' certificates only (a CA certificate is the topmost certificate in the certification chain of a properly signed certificate).

    You should use this view if you wanted to use a certificate which was signed by a CA which is not in the Trusted CAs list, then you would import the CA certificate (and only it) in the Trusted CAs view.

    For your end certificates (the certificates which you’ll be actually using in your applications), a better approach would be to use a standard end-certificate view (such as the “Default” view) or to create your custom view.

    Regards,

    Henrique.

  3. José Nunes
    Hi,

    you gave a really good overview about using encryption with the mail adapter, but if I want to use encryption with SOAP or HTTP to consume a web service? Can you give me some light about this topic?

    In my case I need to use the PKCS7/CMS standard to do that.

    Thanks in advance.
