Hi,
I want to receive XML data from a partner. They should use a url ([url=“http://https://123.456.789.0:1111/invoke/folder/service”]https://123.456.789.0:1111/invoke/folder/service[/url]) and send XML data to our SAP BC (4.7). The service is client/http. We set up a https port for that. Additionally we have a server certificate, CA certificate, provate key for our BC. The client certificates are set up and mapped to the users, which are included in a certain ACL - the service they are trying to invoke is also setup for this ACL. We also included the CA certificates in the trusted folder.
A Certificate is required to be send by the partner.
When I try to send the data via a browser it works for a test user where we created a client certificate ourself and signed it.
But it does not work for any of our partners, although we set them up the same way (client certificates, CA certificates). When they try to send the data the access is denied (for those who use a browser, a window appears and the are asked to give a user and password). We send them our CA certificate (which signed our server certificate), but no change. Some of them are trying to send the data via browser, others via a BC.
Can anyone give me an advice what may be the problem?
Kai,
Please make sure that your clients are sending a valid/trusted certificate for authentication. If you change your HTTPS port to “Require Client Certificates”, then they would not get the user-id/password popup. For some reason your browser and client softwares are not sending the certificates and thus the server is reverting back to userid/password authentication. This could be due to their CA not being trusted by your wm server. Also, port access has to be set to Allow (in ports settings).
~tS
YES, you would need to enter in the Listener Specific Credentials with the appropriate info if your require client digital certificates. This information is where your CA and private keys are kept and where the WM server uses to validate incoming digital certificates.