cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authenticate on-premise S4HANA to CPI via certificate

joel_langoyan
Participant

on ‎09-02-2022 9:02 AM

0 Kudos

We are considering at least the S4HANA to CPI have authentication via certificate (if possible). I have read through Cloud Integration on CF – How to Setup Secure HTTP Inbound Connection with Client Certificates | SAP.... What I am sure if I understand correctly is, in the Configure Client Certificate in the Service Key in Cockpit section if S4HANA will be authenticated, am I to place the S4 certificate as shown below?

Also with regards to S4, is the one under SSL Client (standard) enough and correct for our goal?

If I'm getting a wrong understanding here, highly appreciate detailed steps to achieve this process. Thank you.

Regards,

Joel

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

MartyMcCormick
Product and Topic Expert
Product and Topic Expert
‎09-02-2022 10:32 AM
0 Kudos

Hello

Yes, this would be the client certificate found in SSLC in your S4HANA system.

Thanks,
Marty

Show replies
Show replies
joel_langoyan
Participant
‎09-02-2022 4:05 PM
0 Kudos

Hi Marty,

Thanks for your response. As per screenshot, validity days apply only to Certificate type. Does not mean there is no expiration for External certificate type?

Also, just curious to know if would there be authentication conflict if we have two service keys of different type? For example, we have external certificate type and one client/secret type.

Regards,

Joel

MartyMcCormick
Product and Topic Expert
Product and Topic Expert
‎09-02-2022 4:20 PM
0 Kudos

Hi Joel

You are adding an external certificate so the validity would be that of the external cert (the client cert from S/4OP in this case).

You can create several service instances based on your requirements.

Thanks,
Marty

joel_langoyan
Participant
‎09-06-2022 5:41 PM
0 Kudos

Hi Marty,

Just to make sure I have correct understanding. The blog mentions "Note that you can create multiple service keys for one service instance with different client certificates. But a client certificate can be assigned to one service instance only once.", so from what you mention and from the blog; my questions now are:

1. does it mean one instance can only have one type of service key? so cannot mixed different service key types in one instance?

2. does an instance can have multiple keys as long as they are same type?

Would just like clarify those as most blogs and documentation I reference does not mention of a two different authentication approach in one BTP or CPI tenant. Also I do not have access to the subaccount in BTP cockpit for our project.

Thanks,

Joel

Ask a Question