Why this blog?
It seems that some people have struggled with setting up certificates and the signing mechanism in SAP PI/PO and the Mendelson (or other) AS2 software.
In this blog I will try to highlight, based on an example(*), the different steps needed to generate and import keys and certificates.
If you feel that parts are missing, please let me know and I will add them to this blog.
(*) The example here is an inbound scenario in which Mendelson AS2 is the sender of the messages, so a sender AS2 communication channel is needed in SAP PI/PO.
2 key stores (.p12 files) are used:
- Delivered by Mendelson
- Created using the SAP NetWeaver Administrator
Each key store contains a private key and a public key.
Configuration for keys and certificates
Do not forget to import SAP PO’s public key into the Mendelson key store and the other way around.
Configuration in the Mendelson AS2 software
Within Mendelson, 2 partners must be configured: 1 local station (being the sender) and 1 to receive messages.
Configuration of the sender AS2 communication channel
Important remark 1
Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy.
Otherwise, problems will arise with the signing of messages on the SAP PO server.
The files local_policy.jar and US_export_policy.jar must be overwritten on the SAP PO host and on the machine where Mendelson AS2 is running.
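One way to confirm that the overwritten policy files are really the ones the JVM uses, as an added example that is not part of the original blog. The class name JcePolicyCheck is hypothetical, and the check assumes it is started with the same JVM installation that runs SAP PO or Mendelson AS2.

```java
import java.io.File;
import java.security.Security;
import java.util.Date;
import javax.crypto.Cipher;

// Added example, not from the original blog. Assumption: it is started with the same
// JVM installation that runs SAP PO or Mendelson AS2, otherwise it inspects the wrong files.
public class JcePolicyCheck {
    static final String[] POLICY_JARS = {"local_policy.jar", "US_export_policy.jar"};

    // Lists the two policy jars named in the blog where this JVM keeps them; returns how many exist.
    static int reportPolicyJars(File javaHome) {
        int found = 0;
        for (String dir : new String[] {"lib/security", "jre/lib/security"}) {
            for (String jar : POLICY_JARS) {
                File f = new File(new File(javaHome, dir), jar);
                if (!f.isFile()) continue;
                found++;
                System.out.printf("%s (%d bytes, modified %s)%n", f, f.length(), new Date(f.lastModified()));
            }
        }
        return found;
    }

    // True when the active policy lets this JVM use AES keys longer than 128 bits.
    static boolean unlimitedStrength() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    public static void main(String[] args) throws Exception {
        File javaHome = new File(System.getProperty("java.home"));
        System.out.println("JVM " + System.getProperty("java.version") + " at " + javaHome);
        if (reportPolicyJars(javaHome) == 0)
            System.out.println("No policy jars found under java.home (newer JVMs do not use them).");
        // Java 8u151 and later can select the policy with this security property.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        for (String alg : new String[] {"AES", "DESede", "RC2"}) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.println(alg + " max key length: " + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        }
        if (!unlimitedStrength()) {
            System.out.println("Limited policy is active on this JVM: the policy files were not picked up.");
            System.exit(1);
        }
        System.out.println("Unlimited strength policy is active.");
    }
}
```

If the jars show a fresh modification date but AES is still capped at 128 bits, the files were most likely copied into a different Java installation than the one being checked.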
Important remark 2
The user who creates this scenario and the user used in the HTTP authentication part in Mendelson need the following roles:
Also, make sure the users PIAF<SAPSID>, PIDIR<SAPSID> and PIIS<SAPSID> are added to the Administrators group and that they have the role SAP_XI_ADMINISTRATOR_J2EE assigned.