Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuring WS Receiver with Client Certificates in PI 7.3

Former Member
‎02-12-2013 12:09 PM

Introduction

This document explains the detailed tasks to be performed during configuration of the receiver WS adapter supporting the https with client certificate. It also explains the issues faced and resolutions taken during the configuration approach.

 

Scenario
 
 
  Fig 1, Landscape Overview

In the figure 1, Sap PI is the Consumer and Sap ERP is the provider of the web service. The WS adapter at sap PI is used for sending messages to sap ERP. The transmission is https with client certificate authentication enabled.

   

Pre-requisites

 

The following steps needs to be performed

 

  1. Obtain the WSDL URL, userid and password of the Sap ERP system i.e, service provider system.
  2. Obtain the End point URL
  3. Enter the WSDL url in a web browser and see if it works.
  4. You can also test the end point of the webservice using Soap client such as SoapUI.

       

Certificate generation

 

Go to transaction Strust of sap PI system and right click on the SSL client SSL Client (Standard) and create it. Now export the CSR request, either you copy it from the clipboard or save it as a file and send it to the CA of Sap ERP. The CA will sign the CSR and
send you the certificate in PKCS#7 format. Once you receive this you need to import it into the SSL client SSL Client (Standard) PSE.


Fig 2, STRUST

Configuration of Integration Objects

 

Configure the receiver communication channel as below with WSDL and end point url.

 

In the securities section, select Communication security as “HTTPS (Transport channel security)” and authentication method as “X.509 SSL Client certificate”.

Receiver Communication Channel

 

Fig 3, Receiver Communication Channel


In Receiver agreement ensure the correct PSE is chosen where the client certificate is loaded, in this it is “DFAULT” which indicates that
the certificates are uploaded in SSL client SSL Client (Standard).

 

    

Fig 4, Receiver Agreement

Debugging objects activation issues

 

Ensure the following checks are done to be certain that the configuration objects are generated without issues.

 

  1. Go to transaction SXI_CACHE to check whether the receiver agreement objects are created properly.
  2. Go to transaction SOAMANAGER and use the service interface name and check with the Consumer option and search. The Logical port will be displayed and additional tabs such as security web service addressing, messaging will have the respective values.
  3. Go to transaction SM59 and search for the logical port number (This would be a large alpha numeric string) identified using the above step in connection to HTTP connection to external Serv.
  4. Ping this and confirm if the connection works fine. For more information check the SMICM logs.

Test the interface and see the message flow without any issues.

2 Comments
Popular Blog Posts