cancel
Showing results for 
Search instead for 
Did you mean: 

C4C and CRM Integration using HCI Certificate-based Authentication

rajiv_juarbal
Participant
0 Kudos
311

Hi Experts,

We are integrating C4C and CRM using HCI certificate-based authentication. We have performed all the necessary configurations in HCI (iFlow setup to use certificate based, certificates imported in keystore), C4C, and CRM-onprem (SSL setup, imported/exported the needed certificates both in SSL Server and Client PSEs) for certificate-based authentication but we're still facing 403-Forbidden error, both for C4C to CRM and CRM to C4C message flows.

For CRM to C4C, we try to do a connection test in SM59 and we already set to not use user logon but the below window still prompts.

Proving the S-USER authorized in HCI tenant, same error we get 403-Forbidden. We're thinking that the above window should not show if we set the logon procedure to use certificate, please advice what other configurations should we set in CRM on-premise side.

Thanks in advance.

Regards,

Rajiv

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Dear All,

Kindly note that the pop up come due SSL error, but HCI provide second option to connect when you test the connection from SM 59 from External system(ERP/CRM).

Kindly add Source Client certificate in iFlow and provide the this certificate to HCI operation team to add in HCI key store. (By creating CFC incident or OSS message component for OSS message is LOD-HCI-PI-OPS )

Adding to the above point, add HCI client certificate in External System key store/ Web dispatcher (If applicable).

By doing this SSL handshake will work correctly which will help in connecting your External System (ERP/CRM) to HCI system.

Regards,

Praveen

SAP Cloud Product suppport

rajiv_juarbal
Participant
0 Kudos

In addition, now I just tested again, the ping reached HCI already but I'm not sure if it used the certificate as I was asked with a logon user, where I used the SUSER authorized in our HCI tenant.

Furthermore, for Inbound communication using the service IDOC, is the following configuration correct?

Regards,

Rajiv

chandansb
Active Contributor
0 Kudos

Rajiv,

Please refer the below screenshots specifying the configurations maintained in ECC.

From SM59:

Maintained above is the name of folder structure where all the relevant certificates are imported into STRUST. Also check if you ain't missing any certificates. (Global Root Certificates, CyberTrust certificates, HCI relevant Baltimore and other vertificates)

Kindly verify if you following same.

Hope this helps.

Regards,

Chandan

chandansb
Active Contributor
0 Kudos

Hello Rajiv,

I am not the basis expert nor do I have access to any system right now but looking at your issue, I think you need to mention the Folder name from STRUST where you have added the certificate where you have mentioned as Certificate based authorization in SM59.

Hope I do make atleast some sense to you.

Regards,

Chandan

rajiv_juarbal
Participant
0 Kudos

Hi Chandan,

Thanks for your quick response, here's the screenshot of the folder where the certificates are stored, and the logon procedure in SM59

Regards,

Rajiv