Scribd Logo
Carica

Benvenuto in Scribd!

  • 14444

    Caricato da

    Diego Alonso
    64 visualizzazioni3 pagine
    144444

    Copyright

    © © All Rights Reserved

    Formati disponibili

    TXT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    144444

    Copyright:

    © All Rights Reserved
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    64 visualizzazioni3 pagine

    14444

    Caricato da

    Diego Alonso
    144444

    Copyright:

    © All Rights Reserved
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 3

    C.

    Create a self-signed certificate manually


    For Integration Framework (B1i) version below 1.22.0 (up to SAP Business One 9.1
    PL07 and SAP Business One 9.1, version for SAP HANA PL07), this is the recommended
    way for creating a self-signed certificate. Devices from different vendor may have
    different the requirements for certificates, outside the scope of our SAP solution.
    The following method should work on most mobile devices, if an issue is encountered
    please consult with the device vendor for the requirement.
    1. Install and configure OpenSSL
    On Windows environment, OpenSSL is not pre-installed. You have to download it and
    install it. Please refer to https://www.openssl.org.
    The default installation path is C:\OpenSSL-Win64 (for 64-bit Windows systems) or
    C:\OpenSSL-Win32 (for 32-bit Windows systems).
    Go to the OpenSSL folder, open the bin\openssl.cfg file in a text editor, apply the
    changes below, and save the file:
    Find the [ CA_default ] section and change the line # copy_extensions = copy to
    copy_extensions = copy

    Find the [ v3_ca ] section and change the line # subjectAltName=email:copy to
    subjectAltName=@alt_names

    Under the [ v3_ca ] section add extendedKeyUsage = serverAuth to it.

    Go to the end of the file and add one of the sections below:

    � 2019 SAP SE or an SAP affiliate company. All rights reserved 4 of 8
    2019-09-27 2019275
    If the Business One mobile app is going to connect with IP address:

    [ alt_names ] IP.1=xxx.xxx.xxx.xxx
    If the Business One mobile app is going to connect with server domain name:

    [ alt_names ] DNS.1=server_domain_name
    2. Create your own root CA (if it does not exist for other reason)
    2.1. Open Windows Command Prompt as administrator and change to the OpenSSL bin
    folder (for example, cd C:\OpenSSL-Win64\bin).
    2.2. Before using OpenSSL, run command: set OPENSSL_CONF=C:\OpenSSL-
    Win64\bin\openssl.cfg (for 64-bit Windows system) or set OPENSSL_CONF=C:\OpenSSL-
    Win32\bin\openssl.cfg (for 32-bit Windows system)
    2.3. Create a private key file: openssl genrsa -out ServerKey.key 2048
    2.4. Create the certificate file myCA.cer (to be deployed to the mobile devices):
    openssl req -x509 -new -key ServerKey.key -sha256 -days 825 -out myCA.cer -subj
    /C=CN/O=SAP/OU=B1/CN=server_domain_name_or_ip_address NOTE:
    server_domain_name_or_ip_address must be exactly the same value used for the Server
    field in SAP Business One mobile app settings (for example, the server domain name
    or the server IP address, excluding the port). NOTE: the
    server_domain_name_or_ip_address must be accessible from the mobile devices. For
    any questions, please refer to SAP Note 1776825.
    3. Deploy the self-signed certificate on the SAP Business One Integration Framework
    (B1i) server
    3.1. Read the Keytool command usage section carefully before proceeding.
    3.2. Create a PKCS12 keystore: openssl pkcs12 -export -out keystore.p12 -inkey
    ServerKey.key -in myCA.cer (For the Export Password, please enter the default
    Keystore password).
    3.3. Copy the keystore.p12 file to the Xcellerator folder of the SAP Business One
    Integration
    � 2019 SAP SE or an SAP affiliate company. All rights reserved 5 of 8
    2019-09-27 2019275
    Framework (B1i) server (..\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\keystore.p12) to make
    sure that it can be accessible by keytool.
    3.4. In the Command Prompt, change to the SAP Business One Integration Framework
    jre bin folder according to your system (for example, cd C:\Program Files
    (x86)\SAP\SAP Business One Integration\sapjre_64\bin for 64-bit Windows systems).
    NOTE: Different SAP Business One Integration Framework versions may have a
    different name for this folder (for example, sapjre_7_64).
    3.5. Delete the original self-signed certificate from the keystore: keytool -delete
    -alias tomcat -keystore "C:\Program Files (x86)\SAP\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore" -storepass
    <keystore_password>
    3.6. Import the PKCS12 keystore into the Java keystore: keytool -importkeystore
    -srckeystore "C:\Program Files (x86)\SAP\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\keystore.p12"
    -srcstoretype PKCS12 -destkeystore "C:\Program Files (x86)\SAP\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore"
    -deststoretype JKS -deststorepass <keystore_password> -srcstorepass
    <keystore_password>
    3.7. Change the default alias name to tomcat: keytool -changealias -alias 1
    -destalias tomcat -keystore "C:\Program Files (x86)\SAP\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore" -storepass
    <keystore_password>
    4. Restart SAP Business One Integration Service from Services window
    5. Install your own root CA certificate (myCA.cer file) on mobile devices
    The Server field in the SAP Business One mobile app settings must use the same
    address used in step 2.4 above to create the myCA.cer file. NOTE: In the iOS mobile
    app, the Server field must also have the port number.
    Procedure for iOS devices
    Email the myCA.cer file to the iOS device.

    Click the email attachment to install the CA into the system.

    � 2019 SAP SE or an SAP affiliate company. All rights reserved 6 of 8
    2019-09-27 2019275
    Set the certificate as trusted on the device in: Settings ? General ? About ?
    Certificate Trust Settings

    Procedure for Android devices
    Copy the myCA.cer file via a microSD card onto the Android device.

    Install the file via Settings ? Security ? Credential Storage ? Install from
    storage, and follow the prompts.

    6. Verify that the certificate has been successfully imported
    Check access to SAP Business One Integration Framework via the https port (for
    example, open https://<servername/IP>:8443 in the browser of the mobile device). If
    successful, you should not receive any warning regarding https/certificates.
    Keytool command usage
    ** Please read the following instructions carefully and pay attention to uppercase
    and lowercase (entries are case-sensitive)! **
    keytool.exe location: ..\SAP Business One Integration\sapjre_64\jre\bin\ (for 64-
    bit Windows system) or ..\SAP Business One Integration\sapjre_32\jre\bin\ (for 32-
    bit Windows system)

    Keystore file: ..\SAP Business One
    Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator\.keystore

    Keystore password (<keystore_password>): Find the default password in the ..\SAP
    Business One Integration\IntegrationServer\Tomcat\conf\server.xml file in the
    keystorePass attribute (for SAP Business One 9.2 PL07 and integration framework
    version 1.22.10 or higher, the value of the keystorePass is encrypted and can be
    modified as outlined in SAP Note 2405043)

    Alias key password (<key_password>): The default key password is the same as the
    keystore password

    Key alias: tomcat

    If you are using Windows Command Prompt, please ensure to run it as Administrator.

    Default Integration Framework Xcellerator path: C:\Program Files (x86)\SAP\SAP
    Business One Integration\IntegrationServer\Tomcat\webapps\B1iXcellerator

    Potrebbero piacerti anche