Communicating with Salesforce happens via the internet, which is not entirely secure. Therefore, the data should be encrypted by means of SSL. We have to distinguish between two scenarios as to where the communication can happen.
- First, when making an inbound call, i.e. Salesforce sends data to SAP-ECC.
- Second, when making an outbound call, i.e. SAP-ECC sends data to Salesforce.
Depending on the scenario, different SSL settings and configurations will be required.
For using HTTPS in SAP to Salesforce Scenarios some SSL-Certificates has to be downloaded from Salesforce-site and imported in SAP with Transaction STRUST.
This step is necessary to enable SAP-Outbound-Interfaces. The Client-Certificates are also used from the IE, Firefox or other Browsers and can be viewed and downloaded to files. The different SFDC-Servers uses different certificates and you have to download the certificate from your instance-server and import it into your SAP as client certificates for SAP-outbound-calls.
The download of certificate can be done with the browser(in the below scenario Mozilla Firefox). Perform below steps to download the certificate:
Select the lock Icon(Step 2)
Under the Connection, select the “Show connection details(Step 3)
Now, select the “More Information(Step 4)” as shown in the above picture. It will open a new window, here select the option “View Certificate” and it will further open a new window now select the option “Details”
Now select the Certificate (Step 1 below) and then select the option Export (Step 2) and then Save (Step 3) to the necessary path.
Import certificate in SAP using transaction code STRUST
This step is necessary if your SAP-Server is the endpoint for the SSL-communication with the internet.
If you have a proxy between your server and the internet and the proxy is the endpoint for SSL-communication you don’t need to import the certificates in your SAP server. In this case you have to to import the certificates in your proxy-server.
Start Transaction STRUST in SAP
Now navigate to “SSL client SSL Client (Anonymous)” (step 1) and then double click on the system (Step 2) and then on “Import Certificate (Step 3)”
Now select the earlier downloaded Certificate and then Continue
After Import select the option “Add to Certificate List” (Step 1 below)
Once this is done then don’t forget to save at the end (Step 2 above).
The ICM has to be restarted (Transaction SMICM) to make the new imported certificates accessible for the ICM (Internet Communication Manager).