Chem XML Message eStandards and CIDX Scenario - Part III

By Suraj Kumar Pabbathi

In my earlier blogs efforts are made to explain about CIDX standards, how to design and configure the object to support CIDX communication.

Blog1: http://saptechnical.com/Tutorials/XI/ChemXML/part1.htm

Blog2: http://saptechnical.com/Tutorials/XI/ChemXML/part2.htm 

I would like to make your experience pleasant and fruitful with CIDX communication through this blog.

This blog covers those intricate details in regard to security, certificates through simple steps, focusing on PI 7.1

You have already selected CIDX adapter with Transport Protocol as "HTTPS" and Message Protocol as "RNIF 1.1" for communication. Selecting the message protocol to RNIF 1.1 means you are configuring the scenario to handle Preamble, Service Header, Service Content, Digital Signatures etc...

We will focus on achieving HTTPS communication which is a combination of HTTP with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server.

Step 1: Since the CIDX adapter is available through adapter engine, you need to set your server through Java stack to receive and send secured messages.  

SSL Communications are handled by ICM (Internet Communication Manager) for both the Java and ABAP servers. You need to perform the configuration to use one of it, navigate to RZ10, select the profile <SYSID>_DVEBMGS00_<host> and configure the profile parameter.  

ssl/pse_provider  = JAVA

Step 2: Restart the server to notice automatic creation of Keystore views in SAP NetWeaver Administration (NWA).

Navigate to NWA >> Configuration Management >> Certificate and Keys.

Identify the new Keystore View named after ICM_SSL_<instance ID>

Create the private key in the specified keystore view using "Create" and follow the wizard.  

Notice that "Generate CSR Request" is enabled and use it generate CSR Request. Basically this step is needed to get your certificate issued by 3rd party Authority, to be identified as secure partner to carry out secure online transactions and conduct the business over internet.

When you purchase the certificate that is considered as CSR Response. Select the private key that you have just created and import it as "Import CSR Response".

Copy these certificates into Trusted CAs and secure_ssl  keystore Views.  

Step 3: Load the public key of your partner with entire certificate chain (Public Key, Intermediate and Root) into keystore Views "ICM_SSL_XXXX", Trusted CAs.

In the following screenshot, you can view Verisign as Certificate Authority and chain of certificates.

They can be recognized as Verisign as root, Verisign Class 3 Secure Server CA – G3 as intermediate and business.partner.com as public key.

At times your partners provide self signed certificates, however PI supports.

Click here to continue...

 

Please send us your feedback/suggestions at webmaster@SAPTechnical.COM 

HomeContribute About Us Privacy Terms Of Use • Disclaimer • SafeCompanies: Advertise on SAPTechnical.COM | Post JobContact Us  

Graphic Design by Round the Bend Wizards

footer image footer image