AS2 Certificate Handling - How To Guide -
SEEBURGER AG
Platform: PI Release: 7.1x/7.3x
Contents
AS2 Certificate Handling
  Creating a Keystore View
  Importing certificates
  Creating a new private key and certificate
  Exporting a certificate
  Granting Keystore View access to adapter users
Configuration Errors
  General
  Errors in the Runtime-Workbench
    No encryption certificate
    Could not retrieve certificate \USER\ABC\XYZ
    No signature certificate
    MDN requested, but appropriate report channel is missing
    Unrecognized SSL message
    No trusted certificate found
  Errors in the SEEBURGER-Workbench
    Decryption certificate missing
    Decryption failed
    Authentication error
    Authentication certificate missing
    Key invalid in message
    MDN not signed
    MDN not authenticated
Appendix
  Further Information
19.03.2013
Icons
Symbol descriptions: Caution, Warning, Note, Recommendation, Requirements, Information, Example, Code
AS2 Certificate Handling
Note: The following instructions do not replace the official SEEBURGER documentation. Please follow the documents outlined in Further Information.
Creating a Keystore View
All certificates and private keys for signed and encrypted communication have to be stored in the SAP Key Storage. For this purpose a new Keystore View has to be created. Go to http://:/nwa and open the SAP NetWeaver Administrator. From the start page switch to Configuration Management > Security > Certificates and Keys.
In the Keystorage Content tab click Add View.
Fill in View Name and Description for the new view. Click Create.
The result should look like this.
Importing certificates
To be able to verify signed messages from trading partners, their certificates have to be imported into the new Keystore View. To import a certificate from a trading partner, click the Import Entry button in the Key Store View Details pane.
Choose X.509 Certificate, select the certificate file from the file system and click Import.
Note: The name of the imported certificate can be changed using the Rename button.
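A pre-import check for a trading partner's certificate file, as an added example that is not part of the SEEBURGER guide: it prints the subject, issuer, validity period, signature algorithm and SHA-256 fingerprint so the fingerprint can be compared with the value the partner confirms over a separate channel, and it rejects a certificate that is expired or not yet valid. The class name PartnerCertCheck and the file passed on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example (hypothetical class name), not SEEBURGER or SAP code.
public class PartnerCertCheck {

    /** SHA-256 fingerprint of the DER encoding, as colon-separated hex. */
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java PartnerCertCheck <certificate file>");
            System.exit(2);
        }
        X509Certificate cert;
        InputStream in = new FileInputStream(args[0]);
        try { // accepts DER or PEM encoded X.509 certificates
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
        System.out.println("Subject    : " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer     : " + cert.getIssuerX500Principal().getName());
        System.out.println("Serial     : " + cert.getSerialNumber().toString(16));
        System.out.println("Valid      : " + cert.getNotBefore() + " - " + cert.getNotAfter());
        System.out.println("Signature  : " + cert.getSigAlgName());
        System.out.println("SHA-256    : " + fingerprint(cert));
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        if (ku != null) { // bit 0 = digitalSignature, bit 2 = keyEncipherment
            System.out.println("Key usage  : digitalSignature=" + ku[0] + " keyEncipherment=" + ku[2]);
        }
        try {
            cert.checkValidity(new Date());
        } catch (CertificateException e) { // expired or not yet valid
            System.out.println("REJECT: " + e.getMessage());
            System.exit(1);
        }
        System.out.println("Within validity period; compare the fingerprint with the partner's value.");
    }
}
```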
Creating a new private key and certificate
Select the Keystore View and click Create in the Key Storage View Details pane.
Fill in an Entry Name and check Store Certificate to create a certificate (otherwise only a private key will be created). Click Next.
Fill in the Subject Properties. If required, properties can be added or removed by clicking the Add or Remove button. Skip Steps 3 and 4 by clicking the Finish button.
The result should look like this.
Exporting a certificate
To provide your own certificates to trading partners, select the certificate to be exported and click the Export Entry button.
Select the preferred export format and click the Download link.
Granting Keystore View access to adapter users
To be able to use the certificates and keys stored in the Keystore View within the SEEBURGER communications adapters, the adapter users need access to the view. Go to Configuration Management > Security > Identity Management.
Search for see* to get a list of adapter users. Note: The adapter users must have been created beforehand.
Select the user seeas2 and switch to the Assigned Roles tab in the Details of User pane. Click Modify.
Search for the Role view-creator*. Select the role of the Keystore view and Add it to the user. Save the changes.
Configuration Errors
General
Note: The following errors were provoked with an AS2 adapter but apply equally to every other SEEBURGER adapter using encryption and signing.
Errors in the Runtime-Workbench
No encryption certificate
Error:
Solution: Check your Receiver Agreement.
Could not retrieve certificate \USER\ABC\XYZ
Error:
Solution: Check the adapter user in the Identity Management of the NetWeaver Administrator (NWA). The user must have an assigned role for the Keystore View which contains the certificates and private keys.
No signature certificate
Error:
Solution: Check your Receiver Agreement.
MDN requested, but appropriate report channel is missing
Error:
Solution: Check if a Report channel and the corresponding Sender Agreement are configured.
Unrecognized SSL message
Error:
Solution:
No trusted certificate found
Error:
Solution: Check your SSL configuration in the communication channel and make sure the SSL certificate is in the Key Storage and valid.
Caution: If an SSL certificate is newly imported, a restart of the J2EE Engine is required for the changes to take effect.
Errors in the SEEBURGER-Workbench
Decryption certificate missing
Error:
Solution: Check the Decryption Key in your Sender Agreement.
Decryption failed
Error:
Solution: Check the Decryption Key in your Sender Agreement.
Authentication error
Error:
Solution: Check the Authentication Certificate in your Sender Agreement.
Authentication certificate missing
Error:
Solution: Check the Authentication Certificate in your Sender Agreement.
Also check if the system property mail.mime.multipart.bmparse is set to false. Go to SEEBURGER Workbench > System Status > Important Server Properties.
Caution: If not OK, apply SAP Note 1287778.
Key invalid in message
Error:
Solution: Check if the Unlimited Strength Policy files are installed on all server nodes.
Caution: If not OK, see SeeMasterInstallationGuide.pdf chapter 4 Note on Cryptography and SAP Note 989517.
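One way to verify the policy files on a server node, as an added example that is not part of the SEEBURGER guide: with the restricted policy the JVM caps AES and RC2 keys at 128 bits and rejects larger keys with an InvalidKeyException, while the unlimited policy reports Integer.MAX_VALUE. The class name JcePolicyCheck is an assumption; run it with the same JVM that the J2EE Engine uses, once per node.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name), not SEEBURGER or SAP code.
public class JcePolicyCheck {

    // Algorithms that the restricted policy caps at 128 bits.
    static final String[] ALGORITHMS = { "AES", "RC2" };
    static final int REQUIRED_BITS = 256;

    /** True if the installed policy files permit REQUIRED_BITS for the algorithm. */
    static boolean policyAllows(String algorithm) throws Exception {
        // Integer.MAX_VALUE is returned when the unlimited policy is installed.
        return Cipher.getMaxAllowedKeyLength(algorithm) >= REQUIRED_BITS;
    }

    /** Confirms the policy result by actually initialising an AES-256 cipher. */
    static boolean canInitAes256() throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(new byte[32], "AES"),   // all-zero test key
                    new IvParameterSpec(new byte[16]));
            return true;
        } catch (InvalidKeyException e) {
            return false; // "Illegal key size" under the restricted policy
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("JVM: " + System.getProperty("java.home")
                + " (" + System.getProperty("java.version") + ")");
        boolean ok = canInitAes256();
        for (int i = 0; i < ALGORITHMS.length; i++) {
            int max = Cipher.getMaxAllowedKeyLength(ALGORITHMS[i]);
            boolean allowed = policyAllows(ALGORITHMS[i]);
            ok &= allowed;
            System.out.println(ALGORITHMS[i] + ": max key length "
                    + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits")
                    + (allowed ? "" : "  <-- restricted"));
        }
        System.out.println(ok ? "Unlimited strength policy is active."
                : "Restricted policy: install the policy files on this node.");
        System.exit(ok ? 0 : 1);
    }
}
```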
MDN not signed
Error:
Solution: Check the Signing Key in your Sender Agreement.
MDN not authenticated
Error:
Solution: Check the Authentication Certificate in your Sender Agreement for the Report channel.
Appendix
Further Information
Information: For further information refer to the SEEBURGER Master Configuration Guide and the Adapter manuals coming with the solution release.