Hi guys, in this articles I share step by step how to config connection from SAP CPI to SFTP server with private/public key. For configuration connect from CPI to SFTP by using credential user, kindly see this blog.

First, take a short look this diagram

For secure SSH communication a known hosts file has to be deployed in the cloud integration tenant containing the public host key of the sftp server so that the sftp server will be trusted.

Furthermore, for public key authentication with the sftp server, a private key has to be maintained in the cloud integration tenant key store. Also User/Password can be used instead, in this case user credentials have to be deployed in the cloud integration tenant. Recommended configuration option for secure communication is public key authentication.

After configure SFTP server, we will have some info of it as

  • User name
  • Password phrase
  • Host name
  • Private key file (*.ppk)

Let’s go

Step 1 : Export private key (*.PPK) into SSH key
  • Open WinSCP
  • Choose Tools
  • Choose item Run PuTTYgen
  • Choose button Load to load file .ppk
  • Export to OpenSSHkey
  • Save this file to use in step 2
Step 2 : Download OpenSSL for Window
  • Go here to download OpenSSL
  • Copy it to C:\OPENSSL
  • Create folder SSL and copy file openssl.cnf into it
  • At folder OpenSSL run CMD by administrator
Step 3 Create X.509 Certificate from SSH key which created in Step 1
openssl req -new -x509 -days 3650 -key SFTP_PrivateKey_demo.pem -out  SFTP_x509cert_Demo.pem

After this step, we receiver one file *.pem in folder

Step 4. Create PKCS key (.P12) from X.509 certificate in step 3
openssl pkcs12 -export -in SFTP_x509cert_Demo.pem -inkey SFTP_PrivateKey_Demo.pem -out sftp_keystore_demo.p12
– export – in <X.509 certificate in step 3>
– inkey <private key in step 1>
Enter pass phrase for private keyThis is pass phrase which get from administrator when config SFTP with PPK file.
Enter export passwordThis is password which we create by our self to use in step import certificate to CPI

After this step, we have PKCS (*.p12) in folder

Step 5. Create Known Host in CPI
  • Go to integration Suite Application
  • Go to Design integration flow
  • Go to Monitor item in left menu
  • Go to Connectivity Test


If check host from on-premise through SAP CLOUD CONNECTOR, then we must choose On-Premise for Proxy Type

  • Create notepad and paste Host Key into it and set name file
  • Add this known host into CPI
Step 6 Import PKCS (.P12) in step 4 into SAP CPI. Add Key Pair


Password is Export Password in step 4

Step 7 : Test SFTP and permission access folder on SFTP
  • Go to Connectivity Test in SAP CPI monitor
(1)Public key
(2)User name connect to SFTP
(3)Key pair in step 6
  • Test access right to folder


In this article, I shared step by step How to connect SFTP from CPI by using private/public key. I also share how to test by Test Tool in SAP CPI. Thanks for your reading, any question kindly leave your comment below this.



One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.