Skip to Content

    Perspective of information security should be considered during system integration, especially for B2B integration scenario, Now we can turn on https service port and provide security service if you chosen SAP PI to realize system integration,at this post i’ll demonstrate how to  configure PI https service and apply SOAP Sender and receiver adapter for dual stack PI installation,


ICM https configuration


1. Installing the SAP Cryptographic Library for SSL

     Download SAP Cryptographic Library from sap marketplace, file:SAPCRYPTOLIB_XXX.SAR

downloadCryptographic.png

2.     Extract sar file

        sapcar –xvf SAPCRYPTOLIB_XXX.SAR(include sapgenpse.exe,sapcrypto.dll,ticket)

        copy file sapgenpse.exe,sapcrypto.dll into PI’s $DIR_CT_RUN for example /usr/sap/<SID>/SYS/exe/uc/NTAMD64, and then restart the system.

        copy file ticket o the $(DIR_INSTANCE)/sec directory

3.      Maintain ICM parameters for using SSL.

          Default profile C:\usr\sap\<SYSID>\SYS\profile

     /wp-content/uploads/2014/09/profile_551310.png


         open profile add below setting:

          # SSL Configuration: Location of the SAP Cryptographic Library

          ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

          # https port configuration

          icm/server_port_5 = PROT=HTTPS,PORT=5$(SAPSYSTEM)01,VCLIENT=1


4.  then goto smicm you will find https service is actived

/wp-content/uploads/2014/09/smicm_551311.png


Create certificate


1.     Goto NWA,  http://<host>:<port>/nwa , configuration -> security -> certificates and keys

             Select key storage views: ICM_SSL_<XXX> ,

             Delete old certificates and create new.

/wp-content/uploads/2014/09/keyviews_551312.png



Configure soap https sender adapter

         

     1.  configure https without client authentication

           soap sender adapter.png

      2. distribute PI’s certificate to consumer

         before partner can consume your web service, you need to distribute PI’s certificate and wsdl to service consumer, to get pi’s  certificate, you can                     perform as below

           /wp-content/uploads/2014/09/export_551323.png


SOAP receiver adapter

1. import certificate to certificate to views

     you need to get certificate file from service provider,also you can get it as above. and then import this certificate to views :TrustedCAs,in this          example      certificate is mesdev.

import certificate.png



2.    Configuration soap receiver adapter using view TrustedCAs and key mesdev

soap reciver adapter.png

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply