
24.03.2023 09:54 2056672 - How to import server certificates in PI system

SAP Knowledge Base Article

2056672 - How to import server certificates in PI system
Component: BC-XI-CON-AFW-SEC (Security), Version: 7, Released On: 21.02.2020

Symptom
The Certificate Authority (CA) certificates provided by the server have expired or have changed, and you need to
import the new ones into the PI system for server authentication.
In the XPI_Inspector debug trace tool, in the result.html file, if you click on the Communication Channel name, you
can see a warning in the "Is Remote SSL Server Certificate Trusted" section that the certificate authority is not
trusted.

Environment
PI Release Independent
SAP NetWeaver
SAP Process Integration
SAP NFE

Reproducing the Issue


1. Run the XPI Inspector using Example 50 or 11 to trace the error, as per the instructions in SAP Note
1514898 (/sap/support/notes/1514898) "XPI Inspector for troubleshooting XI".
2. Open the resulting zip file.
3. Go to result.html.
4. Click on the Communication Channel link or scroll down to the relevant section.


Resolution
For NetWeaver PI 7.0x releases:

1. Go to the Visual Administrator -> Cluster tab -> <SID> -> Server * -> Services -> Key Storage ->
Runtime tab -> TrustedCAs.
2. Select the TrustedCAs view and click the Load button.
3. Import the certificates provided by the server.

For NetWeaver PI 7.1x and higher releases:

1. Go to NetWeaver Administrator -> Configuration tab -> Security -> Certificates and Keys -> Key
Storage tab -> TrustedCAs.
2. Select the TrustedCAs view and click the Import Entry button.
3. Import the three certificates provided by the server.


How to get the missing certificates

It is possible to get the missing certificates directly from the XPI_Inspector tool. The certificates are
saved in the "certs" folder.

You can download each certificate by clicking on its "Certificate: #x" link.

It is also possible to get the certificates directly from the server provider, or by accessing the web service
in a browser and exporting the certificates collected by the browser.

Note: Once the keystore has been updated with the certificates, you will need to restart the channel for the
changes to take effect.
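
Everything imported into TrustedCAs becomes a trust anchor, so it is worth inspecting each downloaded file first. The shell functions below are an added example, not part of the SAP KBA: they assume the `openssl` command-line tool is installed and that the files are PEM- or DER-encoded X.509 certificates, and the names `inspect_cert` and `inspect_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not SAP code): inspect certificate files before importing
# them into TrustedCAs. Assumes PEM- or DER-encoded X.509 files and openssl.

# Print one tab-separated line for a certificate file:
#   status, SHA-256 fingerprint, subject, issuer, notAfter
# status is OK, EXPIRING (expires within $2 days, default 30) or UNREADABLE.
inspect_cert() {
    file=$1
    days=${2:-30}
    form=PEM
    # Fall back to DER when the file does not parse as PEM.
    if ! openssl x509 -in "$file" -inform PEM -noout 2>/dev/null; then
        form=DER
        if ! openssl x509 -in "$file" -inform DER -noout 2>/dev/null; then
            printf 'UNREADABLE\t-\t%s\t-\t-\n' "$file"
            return 2
        fi
    fi
    x() { openssl x509 -in "$file" -inform "$form" -noout "$@"; }
    fp=$(x -fingerprint -sha256 | cut -d= -f2)
    subject=$(x -subject | sed 's/^subject= *//')
    issuer=$(x -issuer | sed 's/^issuer= *//')
    not_after=$(x -enddate | cut -d= -f2)
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if x -checkend $((days * 86400)) >/dev/null; then
        status=OK
    else
        status=EXPIRING
    fi
    printf '%s\t%s\t%s\t%s\t%s\n' "$status" "$fp" "$subject" "$issuer" "$not_after"
    [ "$status" = OK ]
}

# Inspect every file in a directory, for example an extracted "certs" folder.
# Returns non-zero if any file is unreadable or close to expiry.
inspect_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        inspect_cert "$f" "${2:-30}" || rc=1
    done
    return $rc
}
```

Compare the printed SHA-256 fingerprints with the values published by the server provider before importing, and check that subject and issuer match for the root CA entry.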

Keywords
How to import server certificates in PI system, expired, Nfe, certs, certificate, nota fiscal eletronica, peer
certificate reject by chain verifier, connection reset, certificate authority, CA, NF-e, trustedca, trustedcas,
certificates, bad certificate, SEFAZ, AFIP, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration
7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI
7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver,
XI, keystore

Attributes

Other Components: SLL-NFE (Nota Fiscal Electronica (NFe))


Products

SAP NetWeaver all versions
SAP Process Integration all versions

This document refers to

SAP Note/KBA  Title
1514898       XPI Inspector for troubleshooting SAP Process Orchestration / Integration (/sap/support/notes/1514898)

This document is referenced by

SAP Note/KBA  Title
3076281       Peer certificate rejected by ChainVerifier - No trusted certificate found, rejected (/sap/support/notes/3076281)
3057117       Peer certificate rejected by ChainVerifier - EC signed SHA256withRSA server certificate server certificate not capable for ECDHE_ECDSA key exchange algorithm! (/sap/support/notes/3057117)
2509971       FAQs on the impact of Successfactors Certificate Renewal if you use APIs (SFAPI/OData API/adHoc API) (/sap/support/notes/2509971)
2626189       Unable to establish HTTP connection error occur when performing Directory objects CPA cache update in HTTPS mode (/sap/support/notes/2626189)
