“-–BEGIN CERTIFICATE-–MI….g=-–END CERTIFICATE-–” Find this certificate in your folder and open it with Notepad or another text editor. What you will need to do here is LAST certificate that you exported from step 2. In this window, press on the Service Keys tab and click on Create.Īfter this, click on the JSON option and you will be presented with the following: Once it has finished being created, press on your new instance and a window will slide in from the right hand side. You should have something that looks like this:Ĭlick on Next and change the Grant type from client-credentials to client_X509 and ensure that the Roles field has the role nd or another relevant role if you are using a custom role, then click on Create. Then give it an Instance Name – in this example I called it sap-blog-test-instance. Press on Create and enter the following details.Īnd then allow the rest of the fields to populate automatically – if they don’t then you may need to ensure you have a valid Plan and also create a new Space if necessary. Here you will need to create a new Instance. Login to the relevant Subaccount in you BTP tenant and navigate to the Instance and Subscriptions tab. pfx file now safely imported into the SAP Cloud Integration Keystore, next is to create a service instance and service key to allow external calls INTO your CI tenant. With the Root and CA certificates of your. Create Service Instance and Service Key for SAP Cloud Integration You can follow these steps provided in the SAP Help documentationģ. Now that you have the required certificates, login to your SAP Cloud Integration tenant and navigate to the Monitor tab -> Manage Security – Keystore, where you will be able to import the 2 certificates you just saved. Do this for both the Root and CA certificates as you will need to import these into the Keystore of your SAP Cloud Integration tenant.Īdditionally, you will need the last certificate in the list so go ahead and export this one too. pfx file – from here you can save the Root certificate and the CA certificate by selecting the respective one and pressing on “Export” – select the X.509 format and Export to a folder that you choose. Private Key Pair being accessed through the Keystore Explorerĭouble click on the entry and it will show you the Certificate details for your. pfx file to open it within the Keystore Explorer – note that you will need the private key pair’s passcode in order to be able to continue. pfx file with the Keystore Explorer (or a tool of your choice) by selecting the option “Examine a Certificate” once you have launched the app. Import Root Certificate of Sender system into SAP Cloud Integrationįirst you will need to open your. I overcame this by using a free open-source tool called Keystore Explorer where you can create a. pfx file however I ran into difficulties using this format through the destination. p12 file in this blog post) is typically a. Note: It is possible to generate one in SAP Cloud Integration where it can be used for outbound requests but there is no mechanism to export this private key pair which you will need to configure against the Destination later on for the inbound requests. Therefore, you will need to provision a Private Key Pair through the relevant IT department. In my experience, it has not been possible to use self-signed certificates for Client Certificate authentication from a Destination into SAP Cloud Integration. Create Service Instance and Service Key for SAP Cloud Integration.Import Root Certificate of Sender system into SAP Cloud Integration.You can find out more on the basics of this secure method of authentication here.īy the end of this blog post you will have a Destination setup with Client Certificate authentication so that other services developed on SAP BTP can easily make inbound requests to SAP Cloud Integration. Many customers want to avoid using Basic Authentication and opt for more secure authentication methods such as Client Certificate authentication. It is very common for SAP Cloud Integration to receive inbound requests, for example from a custom app developed in SAP BTP. There will be a brief introduction followed by the main steps to follow to set up CI for inbound requests with a Destination and then a short conclusion. This blog post describes how to set up Client Certificate authentication for inbound requests to SAP Cloud Integration (CI) in the Cloud Foundry through an SAP BTP Destination service that can then be easily used by other services within SAP BTP.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |