How to configure SAP XI/PI for secure connectivity to an eCommerce Web Server
In my current project, we developed an interface to send purchase orders from ECC system to an eCommerce web server (in our case, it was perfect Commerce server). We configured XI to connect to pCommerce server using HTTP(S). A pictorial representation of the scenario is below.
Solution: I have described below, the step-by-step solution (I will go into each with more details.)
1) Download X.509 digital certificate from web server (pCommerce).
2) Install the X.509 digital certificate in SAP XI using STRUST TCODE
3) Create RFC destination in SAP XI & refer to the certificate in above step
4) Configure IR objects.
5) Configure ID objects.
STEP 1: Download X.509 digital certificate from web server (pCommerce)
1. Access the desired HTTPS web server using your Internet Browser. (In this blog, I have used Internet Explorer 7.0 & I am referring to a different web server for demo purpose)
2. Click on the lock icon in address bar.
3. Now, click on View certificates. In the pop-up window that opens, choose “Certification Path” tab, select the node that ends with “Enterprise CA”, then, select “View Certificate” button.
4. Another pop-up window opens up, now, select “Details” tab, and then click “Copy to File” button. This will open up the “Certificate Export” wizard.
5. In the Certificate Export Wizard, choose the certificate format you want to use, click Next, and then save the certificate file in your local desktop. In this example, I have chosen the Base-64 encoded X.509 certificate format.
STEP 2: Install the X.509 digital certificate in SAP XI using STRUST TCODE.
1. Log onto SAP XI ABAP stack, go to STRUST TCODE, and select the XI server node under SSL Client (Anonymous). This XI server node should be in “Green” Status.
2. Now, click on import certificate icon, and, select the certificate file downloaded in STEP 1.
3. Now, click “Add to Certificate List” and the current certificate will be added to the “Cert List”.
STEP 3: Create RFC destination in SAP XI & refer to the certificate in above step
1. In SM59 TCODE, create New HTTP Destination to external Server.
2. Provide a name for the RFC Destination, and select Connection Type as G, then provide a description.
3. Goto Logon/Security tab and select Logon Procedure as Basic Authentication and select “Active” radio button against SSL. A screen shot is below.
4. Choose the SSL Client Certificate as “SSL Client (Anonymous)”(the one we created in STEP 2)
5. Now, enter user name and password used to access the pCommerce server.
6. In the Technical Settings tab, provide Target Host Name, Service No. as 443 and Path Prefix. These details would have been made available to you by means of a URL, e.g., anewcommerce.com:443/invoke/pub.xi.Router/inboundMessageObject.
In this case
Target Host: anewcommerce.com
Service No.: 443
Path Prefix: /invoke/pub.xi.Router/inboundMessageObject
7. Timeout, HTTP Setting and Cookies can be handled in Special Options tab.
8. To ensure successful connectivity between pCommerce server and SAP XI, click on Test Connection to get response message.
STEP 4: Configure IR objects
1. We had received an XSD file for the target pCommerce message structure; we imported it into XI IR as an external definition. Then we did the mapping from the ORDERS05 IDOC to this pCommerce XSD.
STEP 5: Configure ID objects (HTTP Communication Channel)
1. Create HTTP Receiver Communication channel in ID.
2. For the HTTP Destination, specify the name of the RFC destination created in STEP 3.
3. Use this HTTP communication channel in the receiver agreement.
Using the above steps, we were able to successfully download, install the digital certificate and communicate to pCommerce server using HTTPS. Hope you found this useful.