This blog describes how to set up secure inbound communication using client certificates when using SAP Cloud Integration in the Cloud Foundry environment. It describes the different configuration options available and gives a step-by-step description of what needs to be configured where. An additional focus of the blog is using custom roles for inbound authorization.

Setup Secure HTTP Inbound Connection with Client Certificates and Custom Roles in Cloud Foundry

A typical task in an integration project is to connect remote systems to the SAP Cloud Integration Tenant. Before going into detailed configuration of the inbound communication let's first have a short look at the basics. The remote system can act either as a sender or a receiver of messages. The setup and the detailed configuration procedure differ according to the communication direction that is being set up: whether a remote system is supposed to send a message to the integration platform or the other way around.

For more detailed information about the different authentication and authorization options refer to the SAP Cloud Integration Documentation, section 'Connecting a Customer System to Cloud Integration'. This blog focuses on inbound communication in the Cloud Foundry environment. Inbound communication in the Neo environment is described in the blog 'How to Setup Secure HTTP Inbound Connection with Client Certificates'. Outbound communication configuration for Neo and Cloud Foundry is described in the blog 'How to Setup Secure Outbound HTTP Connection using Keystore Monitor'.

Secure Inbound Communication

For HTTPS based communication towards a Cloud Integration tenant no keystore needs to be maintained in the Integration tenant. Sender system and load balancer need to get the certificates and keys configured as described below. This setup can be used with basic authentication with user and password.

For client certificate-based authentication and authorization in the Cloud Integration tenant in Cloud Foundry the private key pair provisioned with the tenant (alias sap_cloudintegrationcertificate) needs to be available in the keystore and the client certificate used for the inbound call needs to be maintained in the service key. In case the deprecated option to configure the client certificate directly in the integration flow is used, the client certificate is required additionally in the service instance. This is different to the configuration in the Neo environment.

For secure inbound communication via HTTPS the sender system must trust the load balancer. Therefore the root certificate of the load balancer needs to be part of its trust store. The easiest way to get the load balancer root certificate is to use the Connectivity Test on the Cloud Integration tenant. The Connectivity Test is available in the Operations View in Web, in section Manage Security. Selecting the Connectivity Tests tile from the Overview page opens the test tool offering tests for different protocols. To connect to a Cloud Integration tenant via the load balancer to get the root certificate select the TLS option. Enter the URL of your runtime node (the URL you want to call from your sender backend) in the Host field. The host name of the runtime node has the format. You can find this URL by selecting a tile under Manage Integration Content in the Operations view and selecting the integration flow which should be called.

Execute the connectivity test. If there is an error you may have to uncheck the option 'Validate Server Certificate'. The response screen provides the list of certificates from the load balancer because the SSL/TLS connection is terminated by the load balancer. You can use the Download option to download the certificates. A certificates.zip file is created in your local download directory containing all the certificates. From the *.zip file select the *.cer file of the root certificate and import this into the trust store of the sender system.

Furthermore, if you want to use Client Certificate authentication, the sender system keystore needs to contain a key pair signed by one of the CAs supported by the load balancer. Note that only root certificates are being imported into the Keystore of the SAP Load Balancer. Therefore you as a customer must always assign the whole certificate chain to the certificate to enable the connected component to evaluate the chain of trust.
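The rule that the load balancer keystore holds only root certificates, so the sender must present the whole chain with its client certificate, can be reproduced offline with the openssl CLI. This is an added example, not part of the original blog or of SAP tooling; the helper functions issue, is_root, chain_ok and demo, the file names and the throwaway three-level CA hierarchy are all constructed assumptions.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not SAP's. Needs the openssl CLI.
set -eu
# issue NAME CN CA_FLAG [ISSUER]: write NAME.key and NAME.cer; self-signed if ISSUER is omitted.
issue() {
  printf 'basicConstraints=critical,CA:%s\n' "$3" > "$1.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.cer" -CAkey "$4.key" -CAcreateserial \
      -extfile "$1.ext" -days 1 -out "$1.cer" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$1.ext" -days 1 -out "$1.cer" 2>/dev/null
  fi
}

# A root certificate is self-signed: its subject and issuer names are identical.
is_root() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# chain_ok LEAF ROOTS [INTERMEDIATES]: verify LEAF against the trust anchors in ROOTS,
# optionally with the untrusted intermediates the sender presents alongside it.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d)
  ( cd "$d"
    issue root "Example Root CA" TRUE
    issue inter "Example Issuing CA" TRUE root
    issue client "sender-client" FALSE inter
    # Among downloaded-style .cer files, only the root belongs in the trust store.
    for f in inter.cer root.cer; do
      if is_root "$f"; then printf 'root=%s ' "$f"; fi
    done
    # The verifier trusts only the root, like the load balancer keystore described above.
    if chain_ok client.cer root.cer; then printf 'leaf_only=ok '; else printf 'leaf_only=fail '; fi
    if chain_ok client.cer root.cer inter.cer; then echo 'full_chain=ok'; else echo 'full_chain=fail'; fi
  )
  rm -rf "$d"
}
demo
```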