Determining the Source of the Response Encryption Certificate

When using asymmetrical message signature and encryption, you can define the source of the certificate further which is used to encrypt the response message.

This option only exists for cases where the receiver of the message (that sends the response message) is an SAP system . If you have made the above security settings, it is a prerequisite that this attribute is only displayed in one of the following cases:

• You are dealing with a sender channel (in this case the message receiver is the Integration Server - an SAP system)

• You are dealing with a receiver channel and the receiver system is an SAP system.

Make the required settings (under Source of the Response Encryption Certificate ).

You have the following options:

• Use signature certificate of the inbound message

  If you select this option, the signature certificate contained in the inbound message is used to encrypt the response message.

  Recommendation

  This option is generally recommended.

• Manually select the source of the key

  If you have selected this option then the Encryption Certificate in PSE WSSCRT field is displayed. Use the input help to select one of the available certificates.

  • When configuring a sender channel you can select from the certificates that were imported into the personal system security environment (PSE) WSSCRT PSE of the Integration Server system.

  • When configuring a receiver channel you can select from the certificates that were imported into the WSSCRT PSE of the receiver system.

    Note

    You can also find these certificates in the corresponding system if you call the Trust Manager (transaction STRUST ) under PSE WSSCRT .

    More information: Trust Manager

More information: WS Security XML Signature/Encryption