Hi guys, in this articles I share step by step how to config connection from SAP CPI to SFTP server with private/public key. For configuration connect from CPI to SFTP by using credential user, kindly see this blog.
First, take a short look this diagram
For secure SSH communication a known hosts file has to be deployed in the cloud integration tenant containing the public host key of the sftp server so that the sftp server will be trusted.
Furthermore, for public key authentication with the sftp server, a private key has to be maintained in the cloud integration tenant key store. Also User/Password can be used instead, in this case user credentials have to be deployed in the cloud integration tenant. Recommended configuration option for secure communication is public key authentication.
After configure SFTP server, we will have some info of it as
- User name
- Password phrase
- Host name
- Private key file (*.ppk)
Let’s go
Step 1 : Export private key (*.PPK) into SSH key
- Open WinSCP
- Choose Tools
- Choose item Run PuTTYgen
- Choose button Load to load file .ppk
- Export to OpenSSHkey
- Save this file to use in step 2
Step 2 : Download OpenSSL for Window
- Go here to download OpenSSL
- Copy it to C:\OPENSSL
- Create folder SSL and copy file openssl.cnf into it
- At folder OpenSSL run CMD by administrator
Step 3 Create X.509 Certificate from SSH key which created in Step 1
openssl req -new -x509 -days 3650 -key SFTP_PrivateKey_demo.pem -out SFTP_x509cert_Demo.pem
After this step, we receiver one file *.pem in folder
Step 4. Create PKCS key (.P12) from X.509 certificate in step 3
openssl pkcs12 -export -in SFTP_x509cert_Demo.pem -inkey SFTP_PrivateKey_Demo.pem -out sftp_keystore_demo.p12| – export – in <X.509 certificate in step 3> | |
| – inkey <private key in step 1> |
| Enter pass phrase for private key | This is pass phrase which get from administrator when config SFTP with PPK file. |
| Enter export password | This is password which we create by our self to use in step import certificate to CPI |
After this step, we have PKCS (*.p12) in folder
Step 5. Create Known Host in CPI
- Go to integration Suite Application
- Go to Design integration flow
- Go to Monitor item in left menu
- Go to Connectivity Test
NOTE
If check host from on-premise through SAP CLOUD CONNECTOR, then we must choose On-Premise for Proxy Type
- Create notepad and paste Host Key into it and set name file
- Add this known host into CPI
Step 6 Import PKCS (.P12) in step 4 into SAP CPI. Add Key Pair
NOTE
Password is Export Password in step 4
Step 7 : Test SFTP and permission access folder on SFTP
- Go to Connectivity Test in SAP CPI monitor
| (1) | Public key |
| (2) | User name connect to SFTP |
| (3) | Key pair in step 6 |
- Test access right to folder
Summary
In this article, I shared step by step How to connect SFTP from CPI by using private/public key. I also share how to test by Test Tool in SAP CPI. Thanks for your reading, any question kindly leave your comment below this.
Thanks
Joseph.
SAP Zero to Hero 
Thanks a lot and its very much useful
LikeLike