HTTPS Configuration for SAP Connector



Similar documents
How to Create Keystore and Truststore Files for Secure Communication in the Informatica Domain

KMIP installation Guide. DataSecure and KeySecure Version SafeNet, Inc

How-to-Guide: SAP Web Dispatcher for Fiori Applications

CA Nimsoft Unified Management Portal

Secure Communication Requirements

Informatica Cloud (Winter 2016) SAP Connector Guide

Installing Apache as an HTTP Proxy to the local port of the Secure Agent s Process Server

Application Note AN1502

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

SSL Certificate Generation

Configuring TLS Security for Cloudera Manager

Chapter 1: How to Configure Certificate-Based Authentication

Secure Agent Quick Start for Windows

SolarWinds Technical Reference

Browser-based Support Console

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release [August] [2014]

SAP Web Application Server Security

Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web

Installing Digital Certificates for Server Authentication SSL on. BEA WebLogic 8.1

Configuring Secure Socket Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Systems That Use Oracle WebLogic 10.

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

Customizing SSL in CA WCC r11.3 This document contains guidelines for customizing SSL access to CA Workload Control Center (CA WCC) r11.3.

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

DOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION WITH CLIENTS

DOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION AND TROUBLESHOOTING

unigui Developer's Manual 2014 FMSoft Co. Ltd.

Adeptia Suite 6.2. Application Services Guide. Release Date October 16, 2014

Configuring Secure Socket Layer (SSL) for use with BPM 7.5.x

Enabling SSL and Client Certificates on the SAP J2EE Engine

Enabling Single Signon with IBM Cognos 8 BI MR1 and SAP Enterprise Portal

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Marriott Enrollment Server for Web User Guide V1.4

How to Implement Two-Way SSL Authentication in a Web Service

Creating and Managing Certificates for My webmethods Server. Version 8.2 and Later

Configuring SSL in OBIEE 11g

Generating an Apple Push Notification Service Certificate

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

Connect to an SSL-Enabled Microsoft SQL Server Database from PowerCenter on UNIX/Linux

To install and configure SSL support on Tomcat 6, you need to follow these simple steps. For more information, read the rest of this HOW-TO.

Exchange Reporter Plus SSL Configuration Guide

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

How-To Guide SAP NetWeaver Document Version: How To Guide - Configure SSL in ABAP System

Sophos Mobile Control Installation guide. Product version: 3.5

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

LoadMaster SSL Certificate Quickstart Guide

Secure IIS Web Server with SSL

Scenarios for Setting Up SSL Certificates for View

Configuring HTTPS support. Overview. Certificates

Sophos Mobile Control Installation guide

C O N F I G U R I N G O P E N L D A P F O R S S L / T L S C O M M U N I C A T I O N

Using LDAP Authentication in a PowerCenter Domain

Version 9. Generating SSL Certificates for Progeny Web

Configuration Guide. BES12 Cloud

Configuring Secure Network Communications for SAP

(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING

How to Implement Transport Layer Security in PowerCenter Web Services

Installing and Configuring vcloud Connector

EMC Data Protection Search

BEA Weblogic Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal

Configure Managed File Transfer Endpoints

Sophos Mobile Control Installation guide. Product version: 3.6

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Introduction to Mobile Access Gateway Installation

How to: Install an SSL certificate

Obtaining SSL Certificates for VMware View Servers

Obtaining SSL Certificates for VMware Horizon View Servers

Configuring HTTPs Connection in SAP PI 7.10

Director and Certificate Authority Issuance

Active Directory Adapter with 64-bit Support Installation and Configuration Guide

Wildcard Certificates

Sophos Mobile Control Installation guide. Product version: 3

Note: Do not use these characters: < > # $ % ^ * / ( )?. &

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide

WEB SERVICES CERTIFICATE GUIDE

Generating and Renewing an APNs Certificate. Technical Paper May 2012

Internet Script Editor (ISE)

Configuring IBM Cognos Controller 8 to use Single Sign- On

Configuring an Oracle Business Intelligence Enterprise Edition Resource in Metadata Manager

Universal Content Management Version 10gR3. Security Providers Component Administration Guide

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

DISTRIBUTED CONTENT SSL CONFIGURATION AND TROUBLESHOOTING GUIDE

END-TO-END SSL SETUP SAP WEB DISPATCHER Helps you to setup the End-To-End SSL Scenario for SAP Web Dispatcher

Novell Access Manager

BusinessLink Software Support

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

IUCLID 5 Guidance and Support

Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet

X.509 Certificate Generator User Manual

CERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER

Reconfiguring VMware vsphere Update Manager

Domino and Internet. Security. IBM Collaboration Solutions. Ask the Experts 12/16/2014

EventTracker Windows syslog User Guide

Secret Server Installation Windows Server 2008 R2

Use Enterprise SSO as the Credential Server for Protected Sites

Preface. Limitations. Disclaimers. Technical Support. Luna SA and IBM HTTP Server/IBM Web Sphere Application Server Integration Guide

SafeNet KMIP and Google Cloud Storage Integration Guide

Transcription:

HTTPS Configuration for SAP Connector 1993-2015 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC. All other company and product names may be trade names or trademarks of their respective owners and/or copyrighted materials of such owners.

Abstract This article explains how to configure SAP and Secure Agent systems for HTTPS and how to enable HTTPS when you configure SAP Table connections. After configuration, when you run Data Synchronization tasks and mappings to read SAP Table sources, the Secure Agent connects to SAP through HTTPS. Supported Versions Cloud R22 - Spring 2015 Table of Contents Abstract... 2 Supported Versions... 2 Table of Contents... 2 Overview... 2 Prerequisites... 3 Downloading OpenSSL... 3 Download the SAPGENPSE Tool... 3 HTTPS Configuration on the Secure Agent System... 3 Creating a Certificate... 3 Converting an OpenSSL Certificate to PSE format using the SAPGENPSE tool... 5 HTTPS Configuration on the SAP System... 6 Enabling the HTTPS Service on SAP System... 6 Import the Certificate to SAP System Trust Store... 6 HTTPS Configuration for the SAP Connector... 6 Enabling HTTPS while Configuring an SAP Table Connection... 6 Troubleshooting... 7 Configuring the SAP Parameters... 7 Setting Trace Level... 7 Data Synchronization Tasks or Mappings Fail with Error... 7 Overview To connect to SAP through HTTPS and read SAP table sources, you must configure the machine that hosts the Secure Agent and the machine that hosts the SAP system. You must also enable HTTPS when you configure an SAP Table connection in Informatica Cloud. 2

Prerequisites Before you configure HTTPS, make sure that you perform the SAP Table Connector administrator tasks. For information, see the SAP Table Connector Administration section in the Informatica Cloud Administrator Guide. 1. Download and install OpenSSL to a local directory on the Secure Agent machine. 2. Download and extract the SAPGENPSE tool to a local directory on the Secure Agent machine. Downloading OpenSSL 1. Download the OpenSSL binaries from https://www.openssl.org/community/binaries.html. 2. Click https://slproweb.com/products/win32openssl.html. 3. Click https://slproweb.com/download/win64openssl_light-1_0_2d.exe and save the file. 4. Run the exe file and follow the steps in the Install wizard. The openssl.exe, ssleay32.dll, libeay32.dll, and openssl.cfg files are available in the OpenSSL installation directory. Download the SAPGENPSE Tool Download the SAPGENPSE Cryptography tool as part of the SAP Cryptographic Library in the SAP Service Marketplace. For information, see Downloading the SAP Cryptographic Library. Verify the prerequisites in the document before proceeding. 1. Download the latest available patch for the SAPGENPSE tool based on the operating system on the Secure Agent machine. 2. At the command prompt, navigate to the directory that contains the SAPCAR.EXE file and the SAPCRYPTOLIB_*.SAR file. 3. Extract the SAR file. For example, enter the following command at the command prompt: sapcar.exe -xvf SAPCRYPTOLIB_39-10010895.SAR The SAPGENPSE files are extracted to the nt-x86_64 directory within the current directory. HTTPS Configuration on the Secure Agent System To configure HTTPS on the machine that hosts the Secure Agent, perform the following tasks: 1. Create a certificate using OpenSSL and JAVA KeyTool. 2. Convert the OpenSSL certificate (PKCS#12 certificate) to SAP specific format (PSE) using the SAPGENPSE tool. Currently, self-signed certificates are supported. Creating a Certificate Note: Replace variable enclosed in angle bracket with the actual value of the variable. For example, replace <rsakey_name> with the actual name you want to provide for the file. The convention applies to this entire document. To create an OpenSSL certificate, perform the following steps: 1. Set the OPENSSL_CONF variable to the absolute path to the openssl.cfg file. For example, at the command prompt, enter the following command: set OPENSSL_CONF= C:\OpenSSL-Win64\bin\openssl.cfg 2. Navigate the <openssl installation directory>\bin directory. Verify that the openssl.exe file is available in this directory. 3

3. To generate a 2048-bit RSA private key, enter the following command: openssl.exe req -new -newkey rsa:2048 -sha1 -keyout <rsakey_name>.key -out <rsakey_name>.csr 4. When prompted, enter the following values: - Private key password (PEM pass phrase). Enter a phrase that you want to use to encrypt the secret key. Re-enter the password for verification. Important: Make a note of this PEM password. You need to specify this value in some of the following steps. - Two letter code for country name. - State or province name. - Locality name. For example, you can enter the name of your city. - Organization name - Organization unit name. For example, the business unit in your organization. - Common name (CN). Mandatory. Enter the fully qualified host name of the machine that hosts the Secure Agent. - Email address. 5. Optionally, enter the following extra attributes you want to send along with the certificate request. - Challenge password. Enter a string, which is embedded in the CSR and is shared between you and the SSL issuer. If you ever need to reinstall your certificate for any reason, you will be required to enter that password for authentication. - Optional company name. A new RSA private key of 2048-bit size is created. The <rsakey_name>.key and <rsakey_name>.csr files are generated in the current location. 6. To generate a self-signed key using the RSA private key, enter the following command: openssl x509 -req -days 11499 -in <rsakey_name>.csr -signkey <rsakey_name>.key out <certificate_name>.crt 7. When prompted, enter the PEM pass phrase for the RSA private key. This is the same password you entered in step 4. The <certificate_name>.crt file is generated in the current location. 8. Concatenate the contents of the <certificate_name>.crt file and the <rsakey_name>.key file to a.pem file. - Open the <certificate_name>.crt file and the <rsakey_name>.key files in a Text editor. - Create a new file and save it as <PEM file name>.pem. - Copy the contents of the <certificate_name>.crt file and paste it in the.pem file. Copy text beginning from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. - Copy the contents of the <rsakey_name>.key file and append it to the existing contents of the.pem file. Copy text beginning from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----. - Save the <PEM file name>.pem file. 9. To create a PKCS#12 certificate, enter the following command at the command prompt: openssl pkcs12 -export -in <PEM file name>.pem -out <p12 file name>.p12 name domain name 4

10. When prompted, enter the following details: - PEM pass phrase for the.pem file. This is the same password you entered in step 4. - Export password that will be used to protect the P12 file. Re-enter the password for verification. Important: Make a note of this export password for the P12 file. You need to specify this value in some of the following steps and while creating the SAP Table connection in Informatica Cloud. The <p12 file name>.p12 file is generated in the current location. 11. To create a Java keystore file, enter the following command: keytool -v -importkeystore -srckeystore <p12 file name>.p12 -srcstoretype PKCS12 -destkeystore <JKS file name>.jks -deststoretype JKS -srcalias "unique alias associated with the source keystore" destalias "destination alias" 12. When prompted, enter the following details: - Password for the destination keystore, the JKS file. Important: Make a note of this password. You need to specify this password while creating the SAP Table connection in Informatica Cloud. - Password for the source keystore, the P12 file. Enter the Export password you specified for the P12 file in step 10. The <JKS file name>.jks file is generated in the current location. Important: While enabling HTTPS in an SAP Table connection, you must specify the name and location of this keystore file. You must also specify the destination keystore password as the Keystore Password and the source keystore password as the Private Key Password. Converting an OpenSSL Certificate to PSE format using the SAPGENPSE tool 1. At the command prompt, navigate to the <sapgenpse extraction directory> directory. Verify that the sapgenpse.exe file is available in this location. For example, navigate to the c:\sapgenpse\nt-x86_64 directory. 2. To generate a PSE file, enter the following command: sapgenpse import_p12 -p <directory where you want to generate the PSE file>\<pse file name>.pse <path to the P12 certificate file>\<p12 file name>.p12 3. When prompted, enter the following details: - Password for the P12 file. Enter the Export password you specified for the P12 file. - Personal identification number (PIN) to protect the PSE. Re-enter the PIN for verification. The <PSE file name>.pse file is generated in the specified directory. 4. To generate the certificate based on the PSE format, enter the following command: sapgenpse export_own_cert -p <path to the PSE file>\<pse file name>.pse -o <certificate name>.crt 5. When prompted, enter the PSE PIN number you specified in step 3 (previous step). The <certificate name>.crt file is generated in the current location. You have to import this certificate file to the SAP system. 5

HTTPS Configuration on the SAP System To configure HTTPS on the machine that hosts the SAP system, perform the following tasks: 1. Enable the HTTPS service on the SAP system. 2. Import the certificate in PSE format to SAP system trust store. Enabling the HTTPS Service on SAP System Enable the HTTPS service from the SMICM transaction. For more information, see HTTP(S) Settings in ICM. Import the Certificate to SAP System Trust Store 1. Login to SAP and go to the STRUST transaction. 2. Select the standard SSL client and specify the password. In the Import Certificate dialog, you may need to select Base64 format as the certificate file format. 3. Click the Import icon and select the <certificate name>.crt file you converted to PSE format using the SAPGENPSE tool. Note: You may need to add a DNS entry of the agent host on SAP app server if a user is on a different network. 4. Click Add to Certificate List. 5. Restart the SAP instance. For more information, see Importing the Certificate From the File System. HTTPS Configuration for the SAP Connector To enable the Secure Agent to connect to SAP through HTTPS, you must enable HTTPS and specify the keystore details when you configure an SAP Table connection. To read SAP table sources through HTTPS, specify an SAP Table connection configured for HTTPS when you create Data Synchronization tasks and mappings. Enabling HTTPS while Configuring an SAP Table Connection To configure an SAP Table connection and enable HTTPS, perform the following steps: 1. Click Configure > Connections. 2. Click New in the Connections page. The New Connection page appears. 3. Enter a name for the SAP Table connection. 4. Enter a description for the connection. 5. Select SAP Connector as the connection type. The SAP Connector Connection Properties appear. 6. Select the name of the runtime environment where you want to run the tasks. 7. Enter an SAP user name with the appropriate user authorization. 8. Enter the SAP password. 9. Enter the SAP client number. 10. Enter the language code that corresponds to the SAP language. 11. Enter the complete path to the saprfc.ini file. 12. Enter the Type A DEST in the saprfc.ini file. 6

13. Enter a range of HTTP port numbers that you can use. 14. Select Test Streaming, to test the connection with both RFC and HTTP protocol. Clear the field to test the connection with HTTP protocol. 15. Select Https Connection to connect to SAP through HTTPs protocol. 16. Enter the absolute path to the JKS keystore file. 17. To specify the destination keystore password as the Keystore Password, type the destination password specified for the.jks file. 18. To specify the source keystore password as the Private Key Password, type the Export password specified for the.p12 file. 19. Click Test to test the SAP Table connection. 20. Click OK to save the connection. Troubleshooting Configuring the SAP Parameters On the SAP system, verify that you set the following SAP parameters: icm/server_port ssl/ssl_lib sec/libsapsecu ssf/ssfapi_lib ssf/name icm/https/verify_client ssl/client_pse wdisp/ssl_encrypt Setting Trace Level 1. Logon to SAP and go to the SMICM transaction. 2. Select Goto > Trace Level > Set. 3. Enter 3 and press Enter to view detailed log. Data Synchronization Tasks or Mappings Fail with Error Data Synchronization tasks and mappings run successfully when you configure HTTPS properly. If the tasks or mappings fail, verify that you performed the following tasks correctly: Make sure that you specify the fully qualified name of the Secure Agent host machine for common name (CN) when you generate the 2048-bit RSA private key. After importing the certificate file to SAP, restart the SAP instance before running the tasks and mappings. Specify the destination keystore password as the Keystore Password when you configure the SAP Table connection. Specify the Export password of the.p12 file as the Private Key Password when you configure the SAP Table connection. Author Jyothi Jandhyala 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information