Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
In the Part I of the tutorial we saw how to configure SCI with SCP. In this part II we will see how to configure SAP Gateway and SCP for the trust connection.
Generate certificate with the following commands in CMD (windows):
Create certificate: add password and press intro and in the following next question about “alias password” just press intro (with blank password).
keytool -genkey -keyalg DSA -alias alias -keystore certificate_dsa.jks -dname "CN=HCP"
Export certificate using: add password and press intro, in the following question add password created in the previous step “Enter source keystore password”.
Copy file “certificate_dsa.pem” and rename to “pub.crt”
Edit file “pub.crt” with notepad to eliminate PRIVATE KEY, we will also delete this text “----BEGIN CERTIFICATE-----” and “----END CERTIFICATE----”:
Copy file “certificate_dsa.pem” and rename to “priv.pem”
Edit file “priv.pem” with notepad to eliminate CERTIFICATE, we will also delete this text “----BEGIN PRIVATE KEY-----” y “----END PRIVATE KEY----”
Create destination in SAP Cloud Platform to connect with SAP GATEWAY:
Goes to the “Connectivity” -> “Destinations” in SCP coockpit
The destination should have the following parameters:
URL: URL of the Gateway service deployed in the on-premise system (this URL can be changed if the Cloud Connector is used, where we will use the virtual address and port)
Recipient SID: System ID of Gateway
Recipient Client: Mandant of Gateway
Certificate: Copy string content from “pub.crt”
Signing key: Copy string content from “priv.pem”
Configuration in SAP Gateway:
Before we start, we will verify the SAP Gateway SSO configuration, so lets go to the transaction: RZ10
Select system configuration in search help
Click the option “Extended Maintenance” and then press “display”
In the following screen the following values should appear:
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
We add the created certificate to transaction TRUSTSSO2 following the next steps:
Select folder “System PSE”
Press edit button
Upload the file “pub.crt” with upload button
After upload file has finished insert certificate with button “Add to certificate List”
Push button to create el ACL with “Add to ACL”
Add the following values (this data must match those indicated in the generation of the certificate and the information of the destination in SCP
Now, when logging in with the user created in SCI we can access a UI5 application deployed in SCP and that obtains data from an onpremise system.