Skip to Content
Author's profile photo Pierre Hirson

PI: Update your security to connect to Salesforce.

Background:

You are using SAP NetWeaver Process Integration (PI) and you have previously created or you plan to create a scenario connecting to Salesforce.

Why do I have to update the Transport Layer Security (TLS)?:

Starting in June 2016, Salesforce have began disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections (1).

Also, the older versions of PI use at maximum TLS 1.0. So you will need to update your system to be able to communicate with Salesforce with TLS 1.1 and/or TLS 1.2.

What will happen if I do not update my system to use TLS 1.1/1.2?

If you do not update your system, you will then not be able to configure a scenario accessing Salesforce.
You will also face an error when running your scenario. This error might be similar to the following one:

“TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.”

 

How do I update my PI system to use TLS 1.1/1.2?

Please review and apply SAP KBA 2344735 PI: Salesforce error with TLS 1.0 (2).

Important Points:

  • As mentioned in the KBA, you have to update the Software Component SERVERCORE according to SAP Note 2284059 Update of SSL library within NW Java server (3).
  • You should also apply every dependent Software Components as per SAP Note 1794179 Importing AS Java Core patches for NetWeaver 7.1+ (4).
  • In general no further configuration steps are required after the update. All configurations in regards to usage of trusted certificates/keystore etc. remains unchanged.
  • Due to the fact that the default range of supported TLS versions was extended it is possible that you will meet an old legacy system, not able to select a lower TLS version as a response of TLS client_hello containing TLS1.2 as highest possible version. Because of this we recommend to test all connections in QA/Test envoroment before implementing this note in production.

Sources:

(1) Salesforce disabling TLS 1.0
(2) SAP KBA 2344735 PI: Salesforce error with TLS 1.0

(3) SAP Note 2284059 Update of SSL library within NW Java server

(4) SAP Note 1794179 Importing AS Java Core patches for NetWeaver 7.1+

Assigned Tags

      5 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Troy Cronin
      Troy Cronin

      Great job Pierre and very informative, looking forward to more blogs in the future 😎

      Author's profile photo Former Member
      Former Member

      Good job Pierre. The Sales-force issue has started bugging all PI support team and every one wanted the PI solution in single place.Appreciate your effort in  consolidating  info from different sources and publishing it as an blog.

      Author's profile photo Pierre Hirson
      Pierre Hirson
      Blog Post Author

      Thank you for taking the time to read my blog. Feel free to comment below if you still face any issue with it. Any feedback are welcome! 🙂

      Author's profile photo Former Member
      Former Member

      Hello,  How do I configure my scene and salesforce to build links, both currently doesn't       communications;

      this is the error:

      failed    to  call the  endpoint:eccor in call over HTTP:HTTP 0 NULL.

       

      I hope you can reply me, I really need your help

      Author's profile photo Taranpreet Kaur
      Taranpreet Kaur

      Thank you Pierre.

      I am looking for an option pull data directly from Salesforce tables using SAP PI 7.1 or SAP PO 7.5, like we use JDBC to pull data from SQL server. Is there any adapter to pull data directly from Salesforce Tables?