cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

what is the use of Create Keypair/ SSH certificates in CPI

mounikaravilla
Explorer

on ‎07-08-2023 8:32 PM

0 Kudos

In CPI, we have the option to create Keypair and SSH certificates in Keystore. Could anyone help us in understanding what is the need of creating the certificates & where can we use that (If you could help with sample scenarios).

I have worked with scenarios where we add the certificates but not sure about the scenarios where we have to create them.

Thanks in advance

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

karthikarjun
Active Contributor
‎07-10-2023 6:34 AM

Hi mounikaravilla -

In SAP Integration Suite, the "Create Keypair" feature allows users to upload certificates for both inbound and outbound systems. These certificates are used during runtime to authenticate the servers. A key pair consists of two cryptographic keys, a public key and a private key. This concept is similar to the SSH (Secure Shell) protocol, where a key pair is used for authentication. In the context of SSH, SSH certificates serve as an extension to traditional key pair-based authentication, enhancing security and flexibility.

Regards,

Karthik Arjun

Show replies
Show replies
mounikaravilla
Explorer
‎07-10-2023 5:33 PM
0 Kudos

Hi Karthik,

Thank you for the response.

But Create Keypair option lets us create a keypair certificate in the keystore. In which kind of scenarios will we use the CPI created Keypair certificates?

In general to connect to other systems, the client at the receiver end provides us the certificate with passphrase and we use that for authentication. But here we are creating the certificate, in what kind of scenarios we can used that?

VijayKonam
Active Contributor
‎07-10-2023 7:16 PM
0 Kudos

You could created key pair in any of the systems or even using putty. CPI is just providing another similar tool there. However, these key pairs must signed by the allowed external CAs for them to work with CPI. In fact, this feature has been available in SAP PI, PO systems as well. So you are not needed to use the feature but you may choose to.

MichaelSargent
Participant
‎07-09-2023 1:40 AM
0 Kudos

If you want to connect a SAP backend on premise system to CPI you will need a keypair and new certificate once a year.

Refer to example blog:

Cloud Integration – How to Setup Secure Outbound HTTP Connection using Keystore Monitor | SAP Blogs

Show replies
Show replies
Ask a Question