Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Webservice call error from S4HANA/ECC to BTP CPI

ramu_g4
Participant

on ‎2024 Dec 15 1:43 PM

0 Likes
1,179

Hi Experts,

Our requirement is to send data from ECC/S4HANA to SAP Integration Suite(CPI) where we generated URL after creating SOAP sender channel on CPI.

On SAP backend they are trying to generate Webservices in SOAMANAGER and when I try to ping the webservice after configuring CPI URL. Later, when I "Ping Webservice" from then it throws the following error(shown in screenshots).

Should we generate SSL certificates on CPI iflow level and then share with S4HANA/ECC Basis guys? Also should we ask Certificates from SAP backend to import it to CPI iflow level? 

ramu_g4_0-1734270031439.png

ramu_g4_1-1734270031453.png

ramu_g4_2-1734270031462.png

Thanks,

Ramu.

 

 

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Sandra_Rossi
Active Contributor
‎2024 Dec 15 2:32 PM
0 Likes

You can see an error "SSL handshake..." so yes, you have to install the CPI certificate in ECC STRUST if you want ECC to contact CPI (as it's usually done to consume any kind of Web service, not limited to CPI). Note that "Web service testing" from SOAMANAGER is limited as you can see in the log, see the note 1947516 for more information (1947516 - ESI - SOAMANAGER Ping Web Service returns HTTP error - SAP for Me).

Accepted Solutions (0)

Answers (2)

Answers (2)

Ryan-Crosby
Active Contributor
‎2024 Dec 16 6:00 PM
0 Likes

Only the root and the intermediate certificates are now required to be imported into the SSL client view of STRUST. All three used to be required, but recent changes to how the load-balancing is handled led to only the two being required. On the CPI side you need to import the SAP system certificate, but it must be provided by one of the approved CAs.

 

Regards,

Ryan Crosby

Show replies
Show replies
ramu_g4
Participant
‎2024 Dec 15 4:20 PM
0 Likes

@Sandra_Rossi Thank you Sandra for the response! Which certificates of CPI(as shown in below screenshot) should I share to SAP backend Basis guys to import? Should I share first two certificates with Corp** ? or all of the three?

ramu_g4_0-1734279537181.png

Also, what type of certificates should I ask SAP backend guys to be imported to CPI Keystore? 

Thanks

Ramu

 

Show replies
Show replies
Sandra_Rossi
Active Contributor
‎2024 Dec 15 5:05 PM
0 Likes
With all three, you are sure. You need only the list of server certificates to trust in the client system. I don't know CPI so I can't say why it would require having the ECC server certificates.
Ulrich_Schmidt1
Product and Topic Expert
Product and Topic Expert
‎2024 Dec 16 4:42 PM
Usually it is sufficient, to import the CA root certificates into the "trust store" of the other side. So the CA root, which signed the CPI's server certificate, needs to be imported into the trust list of the SAP backend (transaction STRUST), and the CA root, which signed the SAP backend's client certificate, needs to be imported into the CPI's trust store.
Ask a Question