Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A step by step to apply Netweaver PI(dual-stack) https service

Former Member
‎09-28-2014 5:31 PM
0 Kudos

    Perspective of information security should be considered during system integration, especially for B2B integration scenario, Now we can turn on https service port and provide security service if you chosen SAP PI to realize system integration,at this post i'll demonstrate how to  configure PI https service and apply SOAP Sender and receiver adapter for dual stack PI installation,


ICM https configuration


1. Installing the SAP Cryptographic Library for SSL

     Download SAP Cryptographic Library from sap marketplace, file:SAPCRYPTOLIB_XXX.SAR

2.     Extract sar file

        sapcar –xvf SAPCRYPTOLIB_XXX.SAR(include sapgenpse.exe,sapcrypto.dll,ticket)

        copy file sapgenpse.exe,sapcrypto.dll into PI's $DIR_CT_RUN for example /usr/sap/<SID>/SYS/exe/uc/NTAMD64, and then restart the system.

        copy file ticket o the $(DIR_INSTANCE)/sec directory

3.      Maintain ICM parameters for using SSL.

          Default profile C:\usr\sap\<SYSID>\SYS\profile

    


         open profile add below setting:

          # SSL Configuration: Location of the SAP Cryptographic Library

          ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

          # https port configuration

          icm/server_port_5 = PROT=HTTPS,PORT=5$(SAPSYSTEM)01,VCLIENT=1


4.  then goto smicm you will find https service is actived


Create certificate


1.     Goto NWA,  http://<host>:<port>/nwa , configuration -> security -> certificates and keys

             Select key storage views: ICM_SSL_<XXX> ,

             Delete old certificates and create new.



Configure soap https sender adapter

         

     1.  configure https without client authentication

          

      2. distribute PI's certificate to consumer

         before partner can consume your web service, you need to distribute PI's certificate and wsdl to service consumer, to get pi's  certificate, you can                     perform as below

          


SOAP receiver adapter

1. import certificate to certificate to views

     you need to get certificate file from service provider,also you can get it as above. and then import this certificate to views :TrustedCAs,in this          example      certificate is mesdev.



2.    Configuration soap receiver adapter using view TrustedCAs and key mesdev

1 Comment
Labels in this area
Popular Blog Posts