Skip to Content

In this blog I would like to discuss how to configure Java based HTTP adapter (HTTP_AAE) receiver communication channel configuration by using HTTPS URL.

Business requirement: Currently we are using SAP PI 7.31 Java only system, we need to send the data to customer by using java based HTTP (HTTP_AAE) adapter with HTTPS URL.

To use the HTTPS url we need to activate SSL and apply HTTPS certificate

Generate SSL:

Lo-gin to NWA->Configuration->Security->Certification and Keys

/wp-content/uploads/2012/09/1_138394.jpg

Select “Service_ssl” key store view then click on Create button

/wp-content/uploads/2012/09/2_138395.jpg

Provide the Entry name, Algorithm, Key length and valid date details and click on Next

/wp-content/uploads/2012/09/3_138396.jpg

Provide the details then click on Finish.

/wp-content/uploads/2012/09/4_138397.jpg

Download the entry which we created by clicking “Generate CSR Request” button.

/wp-content/uploads/2012/09/5_138409.jpg

Apply the certificate (After download we will send this to certificate authority like VeriSign or mail or ….. then they will add keys and send back to us).

Now we have 2 or 3 certificates (Root, Intermediate [optional, if any 3rd party person is there in the middle then we can get this certificate] and system certificates). Place all the certificate keys in one file [must be in order as Root, Intermediate and System certificate keys] then import the same file to PI server by clicking “Import CSR Response”

/wp-content/uploads/2012/09/6_138399.jpg

Then provide the certificate path

/wp-content/uploads/2012/09/7_138400.jpg

Activate SSL

NWA->Configuration->Security->SSL

/wp-content/uploads/2012/09/8_138401.jpg

Click on Edit then click on Add button in SSL Access points

Give PSE file path (File path is //usr/sap/<SID>/J<Instance_number>/sec)

  Note: PSE file generates when we are installing the PI server, this file stores in the above path and this file contains system information.

/wp-content/uploads/2012/09/9_138402.jpg

Now SSL is active.

HTTPS certificate.

This is a separate certificate we need to generate and send to the certificate authority then apply the certificate (same like above process but here we need to apply the root, intermediate and system certificates separately).

Root certificate

/wp-content/uploads/2012/09/10_138403.jpg

/wp-content/uploads/2012/09/11_138404.jpg

And next update the Intermediate and system certificates on “Trusted CAs” tab

/wp-content/uploads/2012/09/12_138405.jpg

restart the server.

HTTP_AAE Receiver Communication Channel Configuration

My client provided 2 URLs, one is HTTP URL and the second one is HTTPS URL.

URLs are as follows

In receiver HTTP_AAE communication channel with HTTP URL is normal, we just gives the HTTP server and URL details.

HTTPS URL Configuration:

HTTP_AAE communication channel with HTTPS URL

/wp-content/uploads/2012/09/13_138406.jpg

Use SSL: If we select this option means we are using HTTPS URL, if customer wants certificates then we can select certificate checkbox and provide the certificate details.

Let’s go to communication channel monitoring and ping the communication channel (HTTP)

/wp-content/uploads/2012/09/14_138407.jpg

Ping the communication channel in communication channel monitoring (HTTPS).

/wp-content/uploads/2012/09/15_138408.jpg

Conclusion:

I believe this blog would provide better understanding of how to configure the java based HTTP adapter receiver communication channel by using HTTP and HTTPS URLs.

References:

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/6d/c2b39dae45482e90d3352345cbf427/frameset.htm

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/cbb493cea80783e10000000a42189d/frameset.htm

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/015cc68d863132e10000000a421937/frameset.htm

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Manuel Paul Gonzaga

    Hi Venkata,

    Thanks for the idea..

    I have the same scenario and we are having problems with the certificates. The error is stating “

    com.sap.aii.adapter.http.api.HttpAdapterException:

    ERROR_SENDING_HTTP_REQUEST,

    sun.security.validator.ValidatorException:

    PKIX path building

    failed:

    sun.security.provider.certpath.SunCertPathBuilderException:

    unable to find

    valid certification path to requested

    target

    “.

    We already have the certificate .cer, .crt, .p7b, .p7c, root-ca.crt, sub-ca.crt.

    1. From these 5 certificates do you know which are the root, intermediate and system certificates?

    2. How do you combine them inorder?

    3. These certificates was provided by our CA but we didn’t use SAP to create a certificate to generate a CSR? So, are these 5 resulting certificates still valid in the HTTP_AAE receiver channel.

    (0) 

Leave a Reply