Skip to Content
Technical Articles

SAP IBP Data Integration via CPI-DS – How to configure SSL on webservice datastores

Many enterprises typically use SSL in interface communications for security reasons. In this blog, you will get an example to know how to configure SSL in SAP Cloud Platform Integration for data services (CPI-DS) .

Let’s assume the following scenario: CPI-DS want to call an SSL web service which provide by SAP product or 3rd part product. That means we need to import service provider’s CA for CPI-DS. How to get CA? How to Import CA? How to configure it in CPI-DS? Let’s have a look at this solution step by step.

1. How to get CA

 

1.1 Open certificate page

Open target WDSL link by SSL connection. For Chrome, we need to click lock icon and choose certificate.

Tips:

If you got a http WSDL URL like this:

http://<host>:8000/sap/bc/srt/wsdl/….

You should change the URL like this:

https://<host>:443/sap/bc/srt/wsdl/….

Otherwise you can’t see the lock icon in Chrome.

 

1.2 Identify Certificate Chain

There is a certificate chain, including Root CA, Intermediate CA and SSL server CA. In next step, we’ll export these certificates one by one.

 

1.3 Export Certificates

Let’s start from Root CA. In certificate path sheet, double click Root CA’s icon, it will pop-up Root CA ‘s certificate page, go to the details sheet and click ‘Copy to file’ button.

Follow the wizard to export CA, make sure to export with Base 64 format.

Repeat above steps to export remaining two certificates. After finished these works, we will get 3 certificates like this:

 

1.4 Merge all certificates into one

Open these certificates from notepad or any editor tool to get certificates’ content.

Create a new text file to merge these certificates’ content.

The final format is like below:

—–BEGIN CERTIFICATE—–

SSL Server CA content

—–END CERTIFICATE—–

—–BEGIN CERTIFICATE—–

Intermediate CA content

—–END CERTIFICATE—–

—–BEGIN CERTIFICATE—–

Root CA content

—–END CERTIFICATE—–

Change the text file suffix to .cer.  So far, we have successfully exported the certificate.

 

2. How to Import CA

 

2.1 Put CA to Data Service Agent server’s folder ‘trusted_certs’

We need to import the certificate file which we have created in step 1.4 to Data Service Agent server’s file folder.

Go to the folder %LINK_DIR%\ ssl\trusted_certs

In this example, the DS Agent has been installed in windows server. If your DS Agent has used default installation path, the folder address would like:

C:\Program Files\SAP\DataServicesAgent\ssl\trusted_certs

 

2.2 Modify configuration file on DS Agent server

Let’s go to the folder %LINK_DIR%\ext

Copy ‘webservice-c’ folder and rename it to webservice-<web service name or any name>.  For example, webservice-weather

2.3 Modify axis2.xml

Open the folder which we just copied, find axis2.xml.

Modify the following part:

a. Comment out ‘KEY_FILE’ and ‘SSL_PASSPHRASE’

b. Uncomment ‘SERVER_CERT’ part

c. Point ‘SERVER_CERT’ to the exact path of the certificate has been created in step 2.1

Tips:

No need ‘KEY_FILE’ and ‘SSL_PASSPHRASE’ in this example, because all certificates have been merged and no passphrase used.

 

3. How to configure it in CPI-DS

 

This step is very simple, only one more configuration field than the HTTP webservice.

3.1 Set Axis2/c configuration file path

Fill Axis2/c configuration file path to the folder location which created in step 2.2.

Hopefully, this article will help you better understand how to configure SSL on webservice datastores. You can refer to the SAP notes as below for more information.

SAP note: 1771712 – How to configure SSL on the native web service datastore – SAP Data Services and SAP Cloud Platform Integration for Data Services

 

Be the first to leave a comment
You must be Logged on to comment or reply to a post.