on 09-27-2011 3:00 PM
We have a PI 7.11 system. Currently configured to use ABAP STRUST for certificate storage. As per SAPs recomendation we are updating the configuration to use the JAVA Keystore for all certificates - ABAP and JAVA. I have some questions regarding the organisation of certificates in the keystore.
For all outbound communications from the ABAP stack (RFC destinations to a Parter) the anonymous and client certificates shoudl be stored in the CLIENT_ICM_SSL_<iinstallation#> keystore.
For all outbound communications from the JAVA stack (FTPS for example) the anonymous certificates should be stored in the TRUSTEDCAs keystore.
*For all inbound communications the certificates should be stored in the ICM_SSL_<iinstallation#><port> keystore
Is this correct? I got some of this information from SAP Help, specifically http://help.sap.com/saphelp_nwpi711/helpdata/en/e9/a1dd44d2c83c43afb5ec8a4292f3e0/frameset.htm
ANy additional information that you may have would be appreciated.
I'm just going to bump this up to the top of the queue. I'm interested if anyone has any links to documents discussion what keystores are for which certificates so I can make sure that I'm following the SAP standards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is the question related to PI?
Check the security guide for PI:
http://help.sap.com/saphelp_nwpi711/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm
Java based adapters require certicates in Java stack (done with Netweaver Administratr), ABAP based adapters (WS-RM, XI, HTTP) require certificates in ABAP stack.
Stephan,
It is related to PI but it may be more appropriate if I post this in anotehr area.
We are running 7.11 in a dual stack environment and have changed the keystore from ABAP to Java. I just wanted to understand the various VIEWS available in NWA Keystore Management and which I should be using. We've worked it out from trial and error but I'm looking for the official SAP documentation. I have found several links which help but I was hoping there was an official guide.
Hi Robert,
I see I was wrong. In PI 7.11 all keystore entries are done in Java stack.
http://help.sap.com/saphelp_nwpi711/helpdata/en/23/d12940cbf2195de10000000a1550b0/frameset.htm
"We recommend that you store CA certificates in the TrustedCAs view."
The securite guide is the only official ressouce from SAP that I know.
Edited by: Stefan Grube on Oct 6, 2011 12:17 PM
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.