SAP Gateway communicates with the connectivity provider over an HTTPS connection. Therefore, SAP Gateway must have the SSL server certificate of the connectivity provider in its trusted certificate list.
Below is a procedure for a reverse flow from SAP Gateway to a connectivity provider, such as the Sybase Unwired Platform (SUP) server.
Import the SSL server certificate of the connectivity provider into the SSL client SSL Client (Standard) PSE via the Trust Manager:
In transaction STRUST, select SSL client SSL Client (Standard).
Enter a path to the certificate location on the file system and choose Input (Enter).
To upload the certificate details into the Certificate pane, choose Add to Certificate List.
Save your settings.
Communication to the connectivity provider uses an RFC destination of type HTTP Connection to External Server.
SAP Gateway could use the combination of user name and password of a system user at the server side. The recommended solution is to use SSL mutual authentication with client certificates.
SAP Gateway could use a private key of SSL Client Standard PSE for authentication to the connectivity provider. The RFC destination on the SAP Gateway side should not specify any user details. The SSL Client Standard PSE certificate should be used as a service user identity. The subject of the certificate should be known on the connectivity provider’s side and therefore it could be mapped to a local user.
The same PSE also contains an SSL server certificate of the connectivity provider.
The connectivity provider should be aware of the client certificate CA or the public key of the certificate in case it is self-signed.
The certificate should be exported from the SAP Gateway system and imported into the corresponding location at the connectivity provider.
Export SAP Gateway’s client certificate from the SSL Client Standard PSE as follows:
In transaction STRUST, select node SSL client SSL Client (Standard).
In the Own Certificate section, select the SSL certificate and choose .
Select a proper location of the certificate in the file system.
Import the certificate into an appropriate location at the target connectivity provider’s system.
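Before the import, the provider administrator needs to know whether the exported certificate is self-signed (trust the certificate itself) or CA-issued (trust the CA), and which subject to map to a local user. The script below is an added example, not part of the SAP documentation; it assumes the openssl command-line tool is available, and the function names and the sample subject are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not SAP code): inspect a certificate exported from the
# SSL Client Standard PSE before importing it at the connectivity provider.

# Emit the certificate as PEM whether the export is Base64 (PEM) or binary (DER).
to_pem() {
  openssl x509 -in "$1" -inform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Print one field (subject or issuer) as an RFC 2253 string, without the label.
cert_field() {
  to_pem "$1" | openssl x509 -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Print "self-signed" or "ca-issued"; exit status 2 if the file is no certificate.
trust_anchor_kind() (
  tmp=$(mktemp) || exit 2
  trap 'rm -f "$tmp"' EXIT
  to_pem "$1" > "$tmp" || exit 2
  # Self-signed: subject equals issuer and the signature verifies with its own key.
  if [ "$(cert_field "$tmp" subject)" = "$(cert_field "$tmp" issuer)" ] &&
     openssl verify -CAfile "$tmp" "$tmp" >/dev/null 2>&1; then
    echo self-signed
  else
    echo ca-issued
  fi
)

# Summarise what the provider administrator needs to import and map.
report() {
  kind=$(trust_anchor_kind "$1") || { echo "not a certificate: $1" >&2; return 2; }
  echo "Subject to map to a local user: $(cert_field "$1" subject)"
  to_pem "$1" | openssl x509 -noout -fingerprint -sha256
  if [ "$kind" = self-signed ]; then
    echo "Self-signed: the provider must trust this certificate itself."
  else
    echo "CA-issued: the provider must trust the CA: $(cert_field "$1" issuer)"
  fi
}

# Constructed sample: a throwaway self-signed certificate with a made-up subject.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout /dev/null \
    -subj "/O=Example/CN=gw-client" -out "$1" 2>/dev/null
}

if [ "$#" -gt 0 ]; then report "$1"; fi
```

Run it with the path of the exported file as the only argument. Comparing the printed SHA-256 fingerprint on both systems confirms that the file imported at the provider is the one exported from the PSE.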