Versions Compared

Old Version 4

changes.mady.by.user Kevin Wu

Saved on

compared with

New Version 5

changes.mady.by.user Kevin Wu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Blach hagajgienfeaihaepojeafoneafea

...

Image Added supports TLS/SSL handshaking for one-way authentication between a SAP CC client and SAP CC core server.

In one-way mode, only SAP CC Client validates the SAP CC Core Server to ensure that it receives data from the intended SAP CC Core Server. For implementing one-way mode, the SAP CC Core Server shares its Certificate(s) with the SAP CC Client.

To allow SAP CC agents to connect to the SAP CC Core Server with TLS enabled, you must:

  1. Configure SAP CC Core Server with one-way authentication for the respective Instance and Services.

  2. Configure Image Modified Client to trust SAP CC Core Server.

Configure SAP CC Core Server

...

Before we can start configuring SAP CC Core Server, we need to know that SAP CC agents in MZ are connecting to the Dispatcher instance through the TCP-IP layer:Image Removed

...

SAP CC Architecture Diagram including SAP CM(Image Modified) as a third party element.


Info
title

Info!

For more information, please read Identifying services involved in the Client/Server communication

For our case, you will turn on one-way for ExternalSecure targeted service on the Dispatcher instance.


title
Tip

Example!

Example SAP CC Core Server Instance Map:

Code Block
#InstanceId   ; HCISecure ; HCIHost                                               ; HCIPort ; WSSecure ; WSHost                                                ; WSPort ; ExternalSecure ; ExternalHost                                          ; ExternalPort ; InternalSecure ; InternalHost                                          ; InternalPort
 updater#1    ; off       ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 9000    ; off      ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 9080   ;                ;                                                       ;              ;                ;                                                       ;
 dispatcher#1 ; off       ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 9100    ; off      ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 9180   ; oneway         ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 2000         ; off            ; ec2-13-229-84-66.ap-southeast-1.compute.amazonaws.com ; 2100


...

One of the example method is using the keytool command to add this server certificate to client truststore, and use this truststore for your SAP CC agent.

Tip
title

Example!

Import the server certificate “certificate.x509.pem“ to generate “client.truststore” file.

Code Block
keytool -importcert -alias sapcc -file certificate.x509.pem -keystore client.truststore -storetype pkcs12 -storepass examplepw

In the SAP CC agent, tick Enable Secured Connection checkbox and configure the following fields:

Keystore Path: /path/to/client.truststore

Keystore Password: examplepw


title
Note

Note!

SAP CC agent will only support a Keystore that is in PKCS#12 format.

...