- 浏览: 490965 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
cloudfile:
谢谢分享!
MyEclipse配置Tomcat(图解) -
dotjar:
有效没?
治咳嗽秘方 -
jyslb:
设置密码长度大于10位,其中包含%$#&等符号,你这个 ...
奶瓶无线破解介绍 -
廖乐逍遥:
还是不行。。
eclipse里不支持泛型的解决方法 -
cue2008:
http://backtrack.unixheads.org/ ...
Intel 3945ABG无线网卡破解无线路由器密码 BT3
http://simonlesflex.wordpress.com/2011/03/08/sap-xi-ssl-certificate-installation-procedure-for-sap-j2ee-engine-6-30-%E2%80%93-steps-in-visual-administrator/
Pre-requisite (refer installation guide for detailed procedure of pre-requisites):
1. You have installed the SAP cryptographic libraries as mentioned in the installation guide.
2. The Keystore and SSL services are enabled.
Following are the steps for installing the SSL certificates in the portal
Start the Visual Administrator. Navigate to the directory given below.
<Installation Drive>\usr\sap\<Instance Name>\JC<Instance Nr>\j2ee\admin\go.bat
1. Login to the Visual Administrator using the Administrator user id and password.
2. Navigate to the ‘Keystorage’ service as shown in the screen below.
image
3. In the ‘Views’ pane select service_ssl and click the ‘Create’ button to generate a certificate signing request (CSR). Screen as shown below will pop-up. Maintain the entries in the screen below.
image
4. Give an entry name. Select the store certificate checkbox.
5. Click on ‘Generate’ button.
6. Two entries will be created in ‘Entries’ pane as shown in the screen below.
image
7. Place the cursor on the private key pair entry in ‘Entries’ pane and click on ‘Generate CSR request’ and save the file with a ‘.csr’ extension. (Note – you will have to type the extension yourself, the visual administrator will not add it to the file). You have created a certificate signing request. The Certification Authority (CA) will be issuing a signed certificate against this .csr file.
8. Now send the .csr file created to the certificate signing authority. The CA will then send you the signed certificate.
9. After receiving the signed certificate change the extension of the file (if not already changed) to ‘.crt’ (different CAs send files with different extensions, please change the extension to .crt).
10. Place the cursor on the private key pair entry and click the Load button and load the signed certificate into the system.
This ends the process if the certificate sent by the CA also contains the intermediate certificate. If that is not the case the intermediate certificate needs to be installed separately as described in two additional steps (11 and 12) below:
11. Download the intermediate certificate from the web site of signing authority (The CA should be able to provide you with the URL for downloading intermediate certificate) and store it as a ‘.crt’ file.
12. Now place the cursor again on the private key pair entry and click the load button. This loads the intermediate certificate into the system.
This completes the procedure of loading the certificates in the system. The entire certificate chain of root certificate, intermediate certificate and client certificate is now installed successfully.
Now we need to configure the SSL service to use this newly installed cetrtificate:
13. Navigate to <Instance name>->Server->Services->SSL Provider.
14. Choose the entry for dispatcher in pane of left hand side.
15. Choose radio-button ‘New sockets’, select entry.
16. Navigate to tab ‘Server identity’.
17. Select ‘Add’ and choose the newly created entry for SSL certificate.
18. Repeat the procedure for ‘Active sockets’.
19. Restart the portal.
How to configure FTPS in File Adapter.
Author: Raja Sekhar Reddy T
The main Moto of this blog was which explains FTP Secure configuration.
FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transport Protocol(FTP) that’s adds support for the Transport Layer Security(TLS) and the Secure Sockets Layer(SSL) cryptographic protocols.
FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure File transfer sub system for the Secure Shell (SSH) protocol. It is also different from the Secure FTP, the practice of tunneling FTP through an SSH Connection.
I am not going to compare FTPS with SFTP, and not going to discuss about SFTP, already blogs available on the same. (http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/12426).
Before configuring Communication channel, we have to deploy the certificates
1) SAP Java Cryptographic Toolkit has to be deployed in J2EE Engine.
2) Public key Certificate (SSL Certificate) which is provided by FTPS Server has to be deployed in J2EE Engine.
3) The CA certificate used to sign the server certificate must be added to the Trusted As key store view in J2EE Engine. (For PI7.1/7.0 no needs to deploy these toolkit and CA certificate. Because those will be already present in the Server itself).
Take basis people help to deploy required certificates in PI J2EE server.
Refer below link for more info
http://help.sap.com/saphelp_nwpi71/helpdata/EN/e9/a1dd44d2c83c43afb5ec8a4292f3e0/frameset.htm
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc?QuickLink=events&overridelayout=true
1) Crete communication channel.
2) Select Connection security
FTPS (FTP Using/TLS) for control connection: The FTP control connection is protected using TLS/SSL (Transport Layer Security/Secure Sockets Layer).File transfer is unencrypted.
FTPS (FTP Using SSL/TLS) for Control and Data Connection:
All communication with the FTP server is encrypted and uses TLS/SSL.
3) In Command Order Specifies the sequence of commands used to authenticate and secure the connection. Retain the default setting. Only adjust the sequence of commands to match those expected of the FTP server if you encounter problems with the FTP connection.
AUTH TLS: Defines the authentication mechanism used for the current FTP session.
USER: Sends a User Logon ID to the Server
PASS: Sends a Password to the Server
PBSZ: Defines the largest buffer protection buffer size to be used for application-level encoded data sent or received on the data connection.
PROT : Defines the protection used for FTP data connections.
4) Use X.509 Certificate for Client Authentication, Set this indicator if the adapter, in contrast to the FTP server, is to use X.509 certificate and public-key cryptography to authenticate itself. The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server.
Give The Details in KeyStore and x.509 Certificate by selecting the help. If we already deployed the Certificates in J2EE Engine, help will be provided and we have to select from that as shown below.
Enter the Keystore and the X.509 Certificate and Private Key. To do this, you can use the input help.
Keystore contains certificates that are used for authentication and encryption.
5) An X.509 client certificate is a digital “identification card” for use in the Internet, also known as a public-key certificate. So public key Certificate has to be selected.
6) Final configuration looks like below.
The FTPS configuration for both sender and receiver communication channels is similar.
Pre-requisite (refer installation guide for detailed procedure of pre-requisites):
1. You have installed the SAP cryptographic libraries as mentioned in the installation guide.
2. The Keystore and SSL services are enabled.
Following are the steps for installing the SSL certificates in the portal
Start the Visual Administrator. Navigate to the directory given below.
<Installation Drive>\usr\sap\<Instance Name>\JC<Instance Nr>\j2ee\admin\go.bat
1. Login to the Visual Administrator using the Administrator user id and password.
2. Navigate to the ‘Keystorage’ service as shown in the screen below.
image
3. In the ‘Views’ pane select service_ssl and click the ‘Create’ button to generate a certificate signing request (CSR). Screen as shown below will pop-up. Maintain the entries in the screen below.
image
4. Give an entry name. Select the store certificate checkbox.
5. Click on ‘Generate’ button.
6. Two entries will be created in ‘Entries’ pane as shown in the screen below.
image
7. Place the cursor on the private key pair entry in ‘Entries’ pane and click on ‘Generate CSR request’ and save the file with a ‘.csr’ extension. (Note – you will have to type the extension yourself, the visual administrator will not add it to the file). You have created a certificate signing request. The Certification Authority (CA) will be issuing a signed certificate against this .csr file.
8. Now send the .csr file created to the certificate signing authority. The CA will then send you the signed certificate.
9. After receiving the signed certificate change the extension of the file (if not already changed) to ‘.crt’ (different CAs send files with different extensions, please change the extension to .crt).
10. Place the cursor on the private key pair entry and click the Load button and load the signed certificate into the system.
This ends the process if the certificate sent by the CA also contains the intermediate certificate. If that is not the case the intermediate certificate needs to be installed separately as described in two additional steps (11 and 12) below:
11. Download the intermediate certificate from the web site of signing authority (The CA should be able to provide you with the URL for downloading intermediate certificate) and store it as a ‘.crt’ file.
12. Now place the cursor again on the private key pair entry and click the load button. This loads the intermediate certificate into the system.
This completes the procedure of loading the certificates in the system. The entire certificate chain of root certificate, intermediate certificate and client certificate is now installed successfully.
Now we need to configure the SSL service to use this newly installed cetrtificate:
13. Navigate to <Instance name>->Server->Services->SSL Provider.
14. Choose the entry for dispatcher in pane of left hand side.
15. Choose radio-button ‘New sockets’, select entry.
16. Navigate to tab ‘Server identity’.
17. Select ‘Add’ and choose the newly created entry for SSL certificate.
18. Repeat the procedure for ‘Active sockets’.
19. Restart the portal.
How to configure FTPS in File Adapter.
Author: Raja Sekhar Reddy T
The main Moto of this blog was which explains FTP Secure configuration.
FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transport Protocol(FTP) that’s adds support for the Transport Layer Security(TLS) and the Secure Sockets Layer(SSL) cryptographic protocols.
FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure File transfer sub system for the Secure Shell (SSH) protocol. It is also different from the Secure FTP, the practice of tunneling FTP through an SSH Connection.
I am not going to compare FTPS with SFTP, and not going to discuss about SFTP, already blogs available on the same. (http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/12426).
Before configuring Communication channel, we have to deploy the certificates
1) SAP Java Cryptographic Toolkit has to be deployed in J2EE Engine.
2) Public key Certificate (SSL Certificate) which is provided by FTPS Server has to be deployed in J2EE Engine.
3) The CA certificate used to sign the server certificate must be added to the Trusted As key store view in J2EE Engine. (For PI7.1/7.0 no needs to deploy these toolkit and CA certificate. Because those will be already present in the Server itself).
Take basis people help to deploy required certificates in PI J2EE server.
Refer below link for more info
http://help.sap.com/saphelp_nwpi71/helpdata/EN/e9/a1dd44d2c83c43afb5ec8a4292f3e0/frameset.htm
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc?QuickLink=events&overridelayout=true
1) Crete communication channel.
2) Select Connection security
FTPS (FTP Using/TLS) for control connection: The FTP control connection is protected using TLS/SSL (Transport Layer Security/Secure Sockets Layer).File transfer is unencrypted.
FTPS (FTP Using SSL/TLS) for Control and Data Connection:
All communication with the FTP server is encrypted and uses TLS/SSL.
3) In Command Order Specifies the sequence of commands used to authenticate and secure the connection. Retain the default setting. Only adjust the sequence of commands to match those expected of the FTP server if you encounter problems with the FTP connection.
AUTH TLS: Defines the authentication mechanism used for the current FTP session.
USER: Sends a User Logon ID to the Server
PASS: Sends a Password to the Server
PBSZ: Defines the largest buffer protection buffer size to be used for application-level encoded data sent or received on the data connection.
PROT : Defines the protection used for FTP data connections.
4) Use X.509 Certificate for Client Authentication, Set this indicator if the adapter, in contrast to the FTP server, is to use X.509 certificate and public-key cryptography to authenticate itself. The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server.
Give The Details in KeyStore and x.509 Certificate by selecting the help. If we already deployed the Certificates in J2EE Engine, help will be provided and we have to select from that as shown below.
Enter the Keystore and the X.509 Certificate and Private Key. To do this, you can use the input help.
Keystore contains certificates that are used for authentication and encryption.
5) An X.509 client certificate is a digital “identification card” for use in the Internet, also known as a public-key certificate. So public key Certificate has to be selected.
6) Final configuration looks like below.
The FTPS configuration for both sender and receiver communication channels is similar.
发表评论
-
Gateway Access Control Lists
2015-10-12 11:34 1202Source:http://wiki.scn.sap.com ... -
SLD_UC registration failes with return code 748
2015-10-12 09:44 2198The managed ABAP systems shoul ... -
SLD Related Gateway Serivces Unavaliable
2015-10-12 09:01 756转自:http://www.sapnew.com/212. ... -
JDBC/JMS driver deployment - now more forceMode=true
2012-11-07 19:36 1238转自:http://scn.sap.com/people ... -
JDBC Receiver Adatper的同步场景设计
2012-10-18 15:15 1092转自:http://scnblogs.techweb. ... -
XML Anonymizer Bean in Communication Channel to remove namespace prefix in XML P
2012-07-24 16:14 1422转:http://www.saptechnical.com/T ... -
Step-by-Step Guides - Connectivity > CIDX Message eStandards
2012-05-29 11:36 1342http://wiki.sdn.sap.com/wiki/di ... -
Chem XML Message eStandards and CIDX Scenario Part III
2012-05-25 00:32 952http://scn.sap.com/people/suraj ... -
Chem XML Message eStandards and CIDX Scenario development – Part II
2012-05-25 00:30 1109http://scn.sap.com/people/suraj ... -
Chem XML Message eStandards and CIDX Scenario – Part I
2012-05-25 00:28 1108http://scn.sap.com/people/suraj ... -
SLDDSUSER in SLD is getting Locked
2012-05-24 17:59 1233******* LOCAL to Solution Manag ... -
How to Start the Visual Administrator
2012-05-22 16:24 961http://help.sap.com/saphelp_nw7 ... -
利用XI同步调用(JDBC)oracle数据库的返回值。
2012-02-13 18:03 1153今天用CCBPM做一串业务操作,具体的操作是:我先异步更 ... -
XI/PI Tables LIST
2012-02-09 15:28 1094ABAP ABAP schema Database Trans ... -
(MID)com.sap.SOA.apt_rfc.0303
2012-02-02 11:51 855MessageID com.sap.SOA.apt_rfc.0 ... -
FAQ XI 3.0/ PI 7.0/ PI 7.1 RFC Adapter
2012-02-01 16:52 2450转自:http://www.saptechies.com/fa ... -
如何排查mapping报错。
2012-01-18 15:50 974XI/PI在开发过程中最容易也是出错最多的地位就是map ... -
RFC Sender to JDBC receiver scenario中值得注意的三个问题
2012-01-17 17:09 1474转自:http://scnblogs.techweb.com. ... -
copyValue用法
2012-01-05 15:24 1175copyValue目的就是实现可以取到一个LIST的任意值。 ... -
PI动态生成字段方法
2011-12-28 18:48 1085今天遇到这样一种情况,PI更新数据库时,有的字段是动态更新 ...
相关推荐
SSL certificate problem: unable to get local issuer certificate
这是一个证书生成工具,用它可以在 IIS 中创建自签名的证书。 它可以自定义证书的 CN,比 IIS 7 中自带的创建自... ... ...IIS7 中,只能创建颁发给 "localhost" 的证书。...Installs self-signed SSL certificate into IIS.
本文将详细介绍如何使用`create-ssl-certificate`这个基于Node.js的命令行工具来创建自签名SSL证书。 首先,`create-ssl-certificate`是一个Node.js应用程序,它简化了在本地或开发环境中生成自签名SSL证书的过程。...
《Sun Certified Enterprise Architect for J2EE Study Guide》是针对Sun Microsystems公司推出的J2EE企业架构师认证考试的一本详尽指南。这本书旨在帮助读者全面掌握Java企业级应用开发的精髓,以便成功通过这个高...
Composer出现crul SSL报错的问题是没有安装CA证书导致的!!! 错误信息如下: [Composer\Downloader\TransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL ...
use Spatie \ SslCertificate \ SslCertificate ; // fetch the certificate using an url $ certificate = SslCertificate :: createForHostName ( 'spatie.be' ); // or from a certificate file $ certificate =...
SSL Certificate Error(解决方案).md
PHP本地环境在调用第三方接口有时会出现cURL error 60: SSL certificate problem: unable to get local issuer certificate的错误提示,这边提供如下解决方案: 1、下载资源,并解压 2、将pem文件放于指定目录下,...
ssl-certificate-chain-resolver, SSL证书链冲突解决程序 SSL证书链冲突解决程序 所有操作系统都包含一组默认的可信 root 证书。 但是证书颁发机构通常不使用他们的root 证书来签署客户证书。 因为它们可以更频繁地...
wso2 新增OpenSSL生成並使用CA根證書籤名Keytool生成的證書請求 相關流程心智圖展開
charles-proxy-ssl-proxying-certificate.pem
ssl_certificate /path/to/your/certificate.crt; # 替换为你的证书路径 ssl_certificate_key /path/to/your/private.key; # 替换为你的私钥路径 # 其他 SSL 设置,如开启 TLS 版本、启用 HSTS 等 ssl_...
SAP SSL HTTPS 开启安全连接
**Nginx SSL双向认证配置详解** 在网络安全日益重要的今天,服务器与客户端之间的通信安全成为了一个不可忽视的问题。本文将详细介绍如何在Nginx服务器上配置SSL双向认证,以提高服务器的安全性,允许只有经过验证...
《MySQL for Visual Studio 2.0.5 非安装版详解》 MySQL for Visual Studio 是一款专为Visual Studio开发者设计的集成工具,它提供了在.NET环境中与MySQL数据库交互的强大功能。版本2.0.5是非安装版,意味着用户...
J2EE提供了一套强大的安全模型,包括角色基的安全性、SSL/TLS加密、容器管理的身份验证和授权等。通过实例,你可以学习如何配置和实施这些安全特性,保护你的应用程序免受未经授权的访问。 最后,开发J2EE应用时,...
C# TLS SSL TCP双向认证 X509Store SslStream Certificate Visual Studio 2017 命令提示 键入: makecert -r -pe -n “CN=TestServer” -ss Root -sky exchange 等待来自客户端的连接... 显示安全等级 密钥套件: Aes...
标题"SAP JCO for Linux"指的是SAP Java Connector (JCO)在Linux操作系统中的应用。SAP JCO是一个中间件,允许Java应用程序与SAP R/3系统进行通信,特别是通过Remote Function Call (RFC)接口来实现。RFC是SAP系统...