on 2023 Oct 10 12:28 PM
Hello Everyone,
I hope you're all doing well.
We're currently tackling a requirement that involves two authentication options:
We're working within the Integration Suite (SAP CPI) to accomplish this. We're seeking guidance on the best approach to achieve our goal, and also, how can we obtain either a Private Key or a PFX File with the necessary Passphrase Value.
Thank you in advance for your assistance.
Best Regards,
Ashish
Hello,
can you use OpenSSL?
Here are the commands:
create key pair and certificate in one step:
openssl req -x509 -newkey rsa -nodes -keyout privkey.pem -out cert.pem -subj "/CN=myowncert"
extract public key which is contained in the private key:
openssl rsa -pubout -in privkey.pem -out pubkey.pem
then create pfx file
openssl pkcs12 -export -out mystore.p12 -inkey privkey.pem -in cert.pem -passout pass:abcd
replace the abcd with your desired password
you can also use this command to create key pair:
openssl genpkey -algorithm RSA -out privkey.pem -pkeyopt rsa_keygen_bits:2048
Pls let me know if you need further assistance.
Kind Regards,
Carlos
Dear Carlos,
I hope this message finds you well. I wanted to express my gratitude for the valuable information you have shared.
I would like to inquire whether it is possible to obtain a private key or a PFX file from SAP CPI for authentication purposes. Specifically, we require either a private key or a PFX file to facilitate this authentication process.
Using OpenSSL, we need to get the certificate signed by a signing authority also. It would be much better if we can achieve this using SAP CPI.
Your assistance in this matter would be greatly appreciated. Thank you in advance for your support.
Best Regards,
Ashish
Hi Ashish,
I was just typing the following addition, as if foreseeing your comment 😉
In addition to above commands:
In CPI, you cannot use self-signed certificates.
You need to order a certificate at a Certification Authority, which needs to be paid.
Alternatively, for usage within CPI, you can let CPI generate a certificate for you:
Using the SAP BTP Cockpit
1. Go to Subaccount -> Services -> Marketplace
Create instance of Process Integration Runtime with service plan “integration-flow”
2. Create Service Key
Make sure to choose Key Type: Certificate
3. After creation, “view” the content of the service key.
It contains:
- Certificate with: Root – Intermediate – client certificates
- Private key
You can copy and paste the content into 2 files with file extension as .pem (can be any other extension, as desired)
Then create the pfx file (or .p12) with above commands
Does this help?
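The PFX step from the two answers above, as an added example that is not part of the original posts: it checks that the private key belongs to the certificate before packaging, reads the passphrase from a file instead of `-passout pass:...` (command-line arguments are visible in the process list), and reopens the resulting file to confirm it. The function names, file names and passphrase are assumptions, and the throwaway self-signed certificate is a constructed stand-in for the two .pem files.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): build and verify a PKCS#12 from PEM files.
set -eu
umask 077   # key, passphrase file and .p12 are created owner-readable only

# SHA-256 over the DER public key of a private key ($1) or a certificate ($1).
key_pub_hash() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
cert_pub_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches_cert KEY CERT: true only if KEY parses and CERT carries its public key.
key_matches_cert() {
  openssl pkey -in "$1" -noout 2>/dev/null || return 1
  [ "$(key_pub_hash "$1")" = "$(cert_pub_hash "$2" 2>/dev/null)" ]
}

# build_p12 KEY CERT OUT PASSFILE: refuses mismatched pairs; the passphrase is
# read from a file, so it never shows up in the process list or shell history.
build_p12() {
  key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "file:$4"
}

# verify_p12 P12 PASSFILE CERT: true if P12 opens with the passphrase and its
# client certificate has the same SHA-256 fingerprint as CERT.
verify_p12() {
  _inner=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ "$_inner" = "$(openssl x509 -in "$3" -noout -fingerprint -sha256)" ]
}

# Constructed sample input: a throwaway key pair, certificate and passphrase.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$work/privkey.pem" \
  -out "$work/cert.pem" -subj "/CN=myowncert" -days 30 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$work/other.pem" 2>/dev/null
printf '%s\n' 'constructed-passphrase' > "$work/pass.txt"

build_p12 "$work/privkey.pem" "$work/cert.pem" "$work/mystore.p12" "$work/pass.txt"
verify_p12 "$work/mystore.p12" "$work/pass.txt" "$work/cert.pem" && echo "mystore.p12 verified"
```

With real files, point `build_p12` at the saved key and certificate .pem files and delete the passphrase file once the store has been uploaded.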
Hello Carlos,
Thank you for providing this valuable information. It's much appreciated.
Is it for Inbound connection to SAP CPI? Just to clarify, our current requirement is for an outbound connection with SAP CPI, not an inbound one, where we will be triggering the third-party system API, and we need to use our private key or PFX file for authentication. We have already shared the SAP CPI certificate with them.
Your insights are still very helpful, and we'll keep them in mind for any future needs.
Best Regards,
Ashish
Hello Ashish,
of course, I was thinking you were asking about Inbound connection.
If you want to call a 3rd party system from iFlow, via HTTP Receiver adapter, things are different.
Of course, you can use above approach to obtain key and cert and pfx and upload to CPI Keystore,
then configure it in the Receiver adapter as "client certificate".
However, will the 3rd party system accept it?
Probably not.
This is a question that only the 3rd party can answer.
A client certificate is like a user/pwd credential, it must probably be issued by the 3rd party system.
If they use IAS, then you can let IAS generate a certificate for you.
Anyways, you have to check with them.
Apologies, I cannot provide better info here.
Kind Regards,
Carlos