Perspective of information security should be considered during system integration, especially for B2B integration scenario, Now we can turn on https service port and provide security service if you chosen SAP PI to realize system integration,at this post i’ll demonstrate how to configure PI https service and apply SOAP Sender and receiver adapter for dual stack PI installation,
ICM https configuration
1. Installing the SAP Cryptographic Library for SSL
Download SAP Cryptographic Library from sap marketplace, file:SAPCRYPTOLIB_XXX.SAR
2. Extract sar file
sapcar –xvf SAPCRYPTOLIB_XXX.SAR(include sapgenpse.exe,sapcrypto.dll,ticket)
copy file sapgenpse.exe,sapcrypto.dll into PI’s $DIR_CT_RUN for example /usr/sap/<SID>/SYS/exe/uc/NTAMD64, and then restart the system.
copy file ticket o the $(DIR_INSTANCE)/sec directory
3. Maintain ICM parameters for using SSL.
Default profile C:\usr\sap\<SYSID>\SYS\profile
open profile add below setting:
# SSL Configuration: Location of the SAP Cryptographic Library
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
# https port configuration
icm/server_port_5 = PROT=HTTPS,PORT=5$(SAPSYSTEM)01,VCLIENT=1
4. then goto smicm you will find https service is actived
1. Goto NWA, http://<host>:<port>/nwa , configuration -> security -> certificates and keys
Select key storage views: ICM_SSL_<XXX> ,
Delete old certificates and create new.
Configure soap https sender adapter
1. configure https without client authentication
2. distribute PI’s certificate to consumer
before partner can consume your web service, you need to distribute PI’s certificate and wsdl to service consumer, to get pi’s certificate, you can perform as below
SOAP receiver adapter
1. import certificate to certificate to views
you need to get certificate file from service provider,also you can get it as above. and then import this certificate to views :TrustedCAs,in this example certificate is mesdev.
2. Configuration soap receiver adapter using view TrustedCAs and key mesdev