Step by step to develop ABAP proxy to SFTP with PGP encryption:
Prerequisites to communicate SFTP with PI:
- SFTP PGP ADDON installation on PI.
- BASIS team to generate a new public key certificate.
- After generating the certificate, send it to the SFTP server admin to generate the server fingerprints.
- The server fingerprints should then be maintained in the PI server.
- ESR & ID config.
- Proxy connectivity setup between ECC and PI.
Steps to install PGP ADDONS in PI:
1. Open the NetWeaver System Information using the following URL:
http://<host>:<port>/nwa/sysinfo
2. Open the tab “Components Info”.
3. If you can find the Component Name “PIB2B_SFTP”, the PI server has been successfully deployed with the SAP PI SFTP PGP ADDON.
Check that the SFTP application is started from NWA -> Operations -> Start & Stop -> Java Applications.
Generating Certificates:
1. Generate the private and public certificate in the PI system and extract the public certificate.
Generate and extract the public X.509 certificate from SAP PI NetWeaver Administrator -> Configuration -> Certificates and Keys using the button “Export Entry”.
2. Convert the public PI X.509 certificate into an SSH-compatible public key.
Since the PI NWA key storage doesn't support SSH keys for private key based authentication, the OpenSSL utility is required to convert SSL keys to SSH keys and vice versa. OpenSSL can be installed separately on the SFTP server.
To import the public key into an SSH-compatible SFTP server, first convert the PI X.509 certificate into an SSH-based public key.
PuTTY can be used as client software to connect to the SFTP server. It works as a command prompt screen to execute the key conversion commands provided by OpenSSL. The conversion takes place in two steps.
Convert the X.509 certificate into an OpenSSL-based certificate. Use the following command in an SSH client such as PuTTY:
openssl x509 -in {X.509 Certificate}.cert -noout -pubkey > {Open SSL based certificate}.pkey
File has been generated now.
Convert the OpenSSL-based certificate into an SSH-based certificate. Use the following command in an SSH client such as PuTTY:
ssh-keygen -i -m PKCS8 -f {Open SSL based certificate}.pkey > {SSH based certificate}.pkey.pkey
File has been generated now.
The keys are generated in the SFTP directory.
Import PI public certificate in SFTP Server:
The converted SAP PI public key must be registered with the SSH server, typically by copying it into the server's authorized_keys file.
Keys are imported into the user folder <user>/.ssh, and this user is used when connecting to the SFTP server.
Go to the root folder of the user account and check for the folder ".ssh".
Create it if the folder does not exist. Check for the file "authorized_keys"; create it if it's not available.
The key must be entered on exactly one line.
If the server needs to authorise multiple public keys for a particular user, paste each additional public key on a new line.
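The two conversion commands and the authorized_keys steps above, combined into one script as an added example (not from the original post). The function names, file names and home-directory argument are assumptions; `cert_to_ssh_pubkey` needs `openssl` and `ssh-keygen` on the host.

```shell
# Added example; function names and paths are assumptions, not from the post.

# X.509 certificate -> OpenSSL public key -> one-line SSH public key (stdout).
# Usage: cert_to_ssh_pubkey pi_cert.cert > pi_key.pub
cert_to_ssh_pubkey() {
    tmp=$(mktemp) || return 1
    rc=0
    { openssl x509 -in "$1" -noout -pubkey > "$tmp" &&
        ssh-keygen -i -m PKCS8 -f "$tmp"; } || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Append one SSH public key to <home>/.ssh/authorized_keys.
# Usage: install_pubkey /home/sftpuser pi_key.pub
install_pubkey() {
    home=$1
    keyfile=$2
    # The key must occupy exactly one line; reject wrapped or multi-key files.
    if [ "$(grep -c . "$keyfile")" != 1 ]; then
        echo "key file must contain exactly one line" >&2
        return 1
    fi
    key=$(grep . "$keyfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an SSH public key line" >&2; return 1 ;;
    esac
    # Owner-only modes: sshd's StrictModes check refuses group- or world-writable paths.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last existing key lacks a newline, add one so keys never share a line.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    # One key per line; skip the append when this exact key is already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Running `install_pubkey` twice with the same key leaves a single entry, so it is safe to re-run after a certificate is re-exported unchanged.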
Generated server fingerprints:
To establish proxy connectivity between ECC and PI:
- Create RFC Destination in ECC to connect to PI system.
- Configure the Business System as Local Integration Engine (ECC System)
- Create RFC destination (TCP/IP) LCRSAPRFC for the SLD connection to establish the connection between Business System and SLD (ECC System)
- Create RFC destination (TCP/IP) SAPSLDAPI for the SLD connection in ECC
- Maintain the SAP J2EE connection parameters for LCRSAPRFC and SAPSLDAPI in the SAP J2EE Engine
ESR Part:
Message Mapping:
ID Part:
For a proxy, there is no need to create a sender communication channel or sender agreement.
Receiver communication channel:
Module Configuration to convert XML to Plain with PGP encryption:
Testing:
The file has been placed in the SFTP folder with PGP encryption.
PGP Encryption: