Skip to Content
Author's profile photo Former Member

Configure the HTTP_AAE receiver communication channel with SSL

In this blog I would like to discuss how to configure Java based HTTP adapter (HTTP_AAE) receiver communication channel configuration by using HTTPS URL.

Business requirement: Currently we are using SAP PI 7.31 Java only system, we need to send the data to customer by using java based HTTP (HTTP_AAE) adapter with HTTPS URL.

To use the HTTPS url we need to activate SSL and apply HTTPS certificate

Generate SSL:

Lo-gin to NWA->Configuration->Security->Certification and Keys


Select “Service_ssl” key store view then click on Create button


Provide the Entry name, Algorithm, Key length and valid date details and click on Next


Provide the details then click on Finish.


Download the entry which we created by clicking “Generate CSR Request” button.


Apply the certificate (After download we will send this to certificate authority like VeriSign or mail or ….. then they will add keys and send back to us).

Now we have 2 or 3 certificates (Root, Intermediate [optional, if any 3rd party person is there in the middle then we can get this certificate] and system certificates). Place all the certificate keys in one file [must be in order as Root, Intermediate and System certificate keys] then import the same file to PI server by clicking “Import CSR Response”


Then provide the certificate path


Activate SSL



Click on Edit then click on Add button in SSL Access points

Give PSE file path (File path is //usr/sap/<SID>/J<Instance_number>/sec)

  Note: PSE file generates when we are installing the PI server, this file stores in the above path and this file contains system information.


Now SSL is active.

HTTPS certificate.

This is a separate certificate we need to generate and send to the certificate authority then apply the certificate (same like above process but here we need to apply the root, intermediate and system certificates separately).

Root certificate



And next update the Intermediate and system certificates on “Trusted CAs” tab


restart the server.

HTTP_AAE Receiver Communication Channel Configuration

My client provided 2 URLs, one is HTTP URL and the second one is HTTPS URL.

URLs are as follows

In receiver HTTP_AAE communication channel with HTTP URL is normal, we just gives the HTTP server and URL details.

HTTPS URL Configuration:

HTTP_AAE communication channel with HTTPS URL


Use SSL: If we select this option means we are using HTTPS URL, if customer wants certificates then we can select certificate checkbox and provide the certificate details.

Let’s go to communication channel monitoring and ping the communication channel (HTTP)


Ping the communication channel in communication channel monitoring (HTTPS).



I believe this blog would provide better understanding of how to configure the java based HTTP adapter receiver communication channel by using HTTP and HTTPS URLs.


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Manuel Paul Gonzaga
      Manuel Paul Gonzaga

      Hi Venkata,

      Thanks for the idea..

      I have the same scenario and we are having problems with the certificates. The error is stating "


      PKIX path building


      unable to find

      valid certification path to requested



      We already have the certificate .cer, .crt, .p7b, .p7c, root-ca.crt, sub-ca.crt.

      1. From these 5 certificates do you know which are the root, intermediate and system certificates?

      2. How do you combine them inorder?

      3. These certificates was provided by our CA but we didn't use SAP to create a certificate to generate a CSR? So, are these 5 resulting certificates still valid in the HTTP_AAE receiver channel.

      Author's profile photo Avinash Mallashetty
      Avinash Mallashetty

      what is the scenario? test payload used?

      How the ico works at runtime?

      Author's profile photo Teddy Løv Andersen
      Teddy Løv Andersen

      Good blog.

      If you face "Ticket file NOT found" in the step SSL Activate, you just create a dummy file called Ticket in the path //usr/sap/<SID>/J<Instance_number>/sec.


      Author's profile photo Philippe Addor
      Philippe Addor

      Funny enough, the author had the same error as can be seen in the screenshot above, but he didn't mention anything about it...

      Author's profile photo Former Member
      Former Member

      Hi @Venkat Boppana,

      Nice Blog.

      I am trying to connect HTTPS URL ( external Server) via HTTP_AAE.

      Do i need to select Use SSL( PI having HTTP server alone)

      Please confirm.

      Best Regards,

      Suresh S

      Author's profile photo Philippe Addor
      Philippe Addor

      Yes you do… It’s the receiver which is https, not the sender, and thah’s why you configure it in the http receiver adapter. 

      Author's profile photo ID ANDHER

      Hi Venkat,

      I see the client provided you the URLs to use, but I have a question, eg. if my scenario is as below,


      and PI is acting as provider and will expose the information from ECC, using the REST adapter

      how do I create the URL so legacy system can consume it ?


      Thanks in advance.




      Author's profile photo Philippe Addor
      Philippe Addor

      This blog is confusing, is it really required to make PO run on an SSL port itself if you just want to create connections to third-party SSL servers? (not the other way round, means no inbound SSL connections).