Many enterprises typically use SSL in interface communications for security reasons. In this blog, you will get an example to know how to configure SSL in SAP Cloud Platform Integration for data services (CPI-DS) .
Let's assume the following scenario: CPI-DS want to call an SSL web service which provide by SAP product or 3rd part product. That means we need to import service provider’s CA for CPI-DS. How to get CA? How to Import CA? How to configure it in CPI-DS? Let's have a look at this solution step by step.
1.1 Open certificate page
Open target WDSL link by SSL connection. For Chrome, we need to click lock icon and choose certificate.
Tips:
If you got a http WSDL URL like this:
http://<host>:8000/sap/bc/srt/wsdl/.
You should change the URL like this:
https://<host>:443/sap/bc/srt/wsdl/.
Otherwise you can't see the lock icon in Chrome.
1.2 Identify Certificate Chain
1.3 Export Certificates
Let’s start from Root CA. In certificate path sheet, double click Root CA’s icon, it will pop-up Root CA ‘s certificate page, go to the details sheet and click ‘Copy to file’ button.
Follow the wizard to export CA, make sure to export with Base 64 format.
1.4 Merge all certificates into one
Open these certificates from notepad or any editor tool to get certificates’ content.
Create a new text file to merge these certificates’ content.
The final format is like below:
-----BEGIN CERTIFICATE-----
SSL Server CA content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA content
-----END CERTIFICATE-----
Change the text file suffix to .cer. So far, we have successfully exported the certificate.
2.1 Put CA to Data Service Agent server’s folder ‘trusted_certs’
We need to import the certificate file which we have created in step 1.4 to Data Service Agent server’s file folder.
Go to the folder %LINK_DIR%\ ssl\trusted_certs
In this example, the DS Agent has been installed in windows server. If your DS Agent has used default installation path, the folder address would like:
C:\Program Files\SAP\DataServicesAgent\ssl\trusted_certs
2.2 Modify configuration file on DS Agent server
Let’s go to the folder %LINK_DIR%\ext
Copy ‘webservice-c’ folder and rename it to webservice-<web service name or any name>. For example, webservice-weather
2.3 Modify axis2.xml
Open the folder which we just copied, find axis2.xml.
Modify the following part:
a. Comment out ‘KEY_FILE’ and ‘SSL_PASSPHRASE’
b. Uncomment ‘SERVER_CERT’ part
c. Point ‘SERVER_CERT’ to the exact path of the certificate has been created in step 2.1
Tips:
No need ‘KEY_FILE’ and ‘SSL_PASSPHRASE’ in this example, because all certificates have been merged and no passphrase used.
This step is very simple, only one more configuration field than the HTTP webservice.
3.1 Set Axis2/c configuration file path
Hopefully, this article will help you better understand how to configure SSL on webservice datastores. You can refer to the SAP notes as below for more information.
SAP note: 1771712 - How to configure SSL on the native web service datastore - SAP Data Services and SAP Cloud...
Let's assume the following scenario: CPI-DS want to call an SSL web service which provide by SAP product or 3rd part product. That means we need to import service provider’s CA for CPI-DS. How to get CA? How to Import CA? How to configure it in CPI-DS? Let's have a look at this solution step by step.
1. How to get CA
1.1 Open certificate page
Open target WDSL link by SSL connection. For Chrome, we need to click lock icon and choose certificate.
Tips:
If you got a http WSDL URL like this:
http://<host>:8000/sap/bc/srt/wsdl/.
You should change the URL like this:
https://<host>:443/sap/bc/srt/wsdl/.
Otherwise you can't see the lock icon in Chrome.
1.2 Identify Certificate Chain
1.3 Export Certificates
Let’s start from Root CA. In certificate path sheet, double click Root CA’s icon, it will pop-up Root CA ‘s certificate page, go to the details sheet and click ‘Copy to file’ button.
Follow the wizard to export CA, make sure to export with Base 64 format.
1.4 Merge all certificates into one
Open these certificates from notepad or any editor tool to get certificates’ content.
Create a new text file to merge these certificates’ content.
The final format is like below:
-----BEGIN CERTIFICATE-----
SSL Server CA content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA content
-----END CERTIFICATE-----
Change the text file suffix to .cer. So far, we have successfully exported the certificate.
2. How to Import CA
2.1 Put CA to Data Service Agent server’s folder ‘trusted_certs’
We need to import the certificate file which we have created in step 1.4 to Data Service Agent server’s file folder.
Go to the folder %LINK_DIR%\ ssl\trusted_certs
In this example, the DS Agent has been installed in windows server. If your DS Agent has used default installation path, the folder address would like:
C:\Program Files\SAP\DataServicesAgent\ssl\trusted_certs
2.2 Modify configuration file on DS Agent server
Let’s go to the folder %LINK_DIR%\ext
Copy ‘webservice-c’ folder and rename it to webservice-<web service name or any name>. For example, webservice-weather
2.3 Modify axis2.xml
Open the folder which we just copied, find axis2.xml.
Modify the following part:
a. Comment out ‘KEY_FILE’ and ‘SSL_PASSPHRASE’
b. Uncomment ‘SERVER_CERT’ part
c. Point ‘SERVER_CERT’ to the exact path of the certificate has been created in step 2.1
Tips:
No need ‘KEY_FILE’ and ‘SSL_PASSPHRASE’ in this example, because all certificates have been merged and no passphrase used.
3. How to configure it in CPI-DS
This step is very simple, only one more configuration field than the HTTP webservice.
3.1 Set Axis2/c configuration file path
Hopefully, this article will help you better understand how to configure SSL on webservice datastores. You can refer to the SAP notes as below for more information.
SAP note: 1771712 - How to configure SSL on the native web service datastore - SAP Data Services and SAP Cloud...
- SAP Managed Tags:
