SFTP adapter : generating certificates

Similar Messages

• How to configure SFTP Adapter in XI?

  Hi All,
  How to configure SFTP adapter in XI?, It would be great if anyone sends a step-by-step documentation on the same.
  Thanks in advance

  Hi,
  About SFTP .
  1) SFTP (Secure File Transfer Protocol)
  "SSH File Transfer Protocol" or SFTP is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer. SFTP encrypts the session, preventing the casual detection of username, password or anything that is being transmitted. One key benefit to SFTP is its ability to handle multiple secure file transfers over a single encrypted pipe. By using a single encrypted pipe, there are fewer holes in the corporate firewall.
  SFTP:
  As per the latest SAP PI/XI support pack, it does not support SFTP via File Adapter.
  So alternative approach to cater this requirement from XI is to make use of Unix Script at OS level to transfer the files from/to third-party systems.
  Inbound Interface - i.e. third-party system ->XI->SAP: 
  File is transferred to a folder in SAP XI landscape from the third-party legacy system using UNIX Script with secured protocol. Once the file is ready in the XI landscape, File Adapter will poll this directory and file is picked up by NFS protocol.
  Outbound Interface – i.e. SAP->XI->third-party system: 
  XI is responsible for writing a file into a folder in the XI landscape. These files are transferred to the third-party system by executing UNIX scripts with secured protocol i.e. via sFTP.
  Pre-Requisites: 
  Public key should be exchanged between external systems and the PI system.
  UNIX shell script has to be developed and scheduled.
  Advantages: 
  Highly Secured.
  Ability to handle multiple secure file transfers over a single encrypted pipe .By using a single encrypted pipe, there are fewer holes in the corporate firewall.
  Disadvantages:
  Two-Step process i.e. XI>Temporary folder>External System and vice-versa
  Files have to be temporarily stored in XI server.
  Multiple failure points i.e. XI and Unix script execution
  Maintenance of an external UNIX script.
  Difficulty in monitoring the execution of the shell script as it cannot be monitored thru XI.
  Need to generate keys and install it in the SFTP site as a pre-requisite i.e. SFTP clients must install keys on the server.
  SFTP uses keys rather than certificates. This means that it can't take advantage of the "chains of trust" paradigm facilitated through Certificate Authorities.
  Files from the XI server should be deleted/archived in a periodic manner to increase the disc space so that it will increase the performance.
  Note: UNIX shell Script can be executed as a background job ‘or' can be triggered from SAP XI through OS command at File adapter level.
  Check the links.
  Secure FTP (SSH) with the FTP Adapter
  Secured File Transfer using SAP XI
  Secure FTP in SAP XI
  Regards,
  Phani
  Reward points if Helpful

• SFTP adapter

  Hi Experts,
  I have  SFTP to FILE adapter without ESR objects scenario.
  I just need pick file from remote location and drop in to receiver side with same file name.
  In this what ever I am picking up source files via SFTP adapter need to generate the same file name in receiver side.
  When I have choose ASMA in  SFTP adapter it is failing receiver side (File) . File name is not found like .
  I have put file name is XYZ_*.* in source in SFTP adapter and Target side *.* in File adapter
  this configuration is not working getting error in receiver side.
  Can you please suggest to me any alternate solution for this scenario.
  Regards
  Tahir

  Hi Tahir,
  SFTP Sender Adapter :
  File name : In case of .txt file give the filename as ".+\\*.txt",in case of .csv file give the filename as ".+\\*.csv" and in case of any other file format give the filename as " ".+\\*".
  Asma Settings :
  File Adapter :
  File name :
  Asma Settings:
  Thanks,
  Durga

• Sender sFTP Adapter - SSH Key

  Hi All,
  I have a small doubt regarding Sender sFTP Adapter. This is what we have done to connect with one of Vendor
  1.     Basis created a SSH key in NWA for Vendor and sent to them.
  2.     They linked the SSH key with user name and asked me to use the same.
  3.     We got the firewalls openepd b/w PI and Vendor
  4.     I provided the same detail in sFTP adapter, but I am not able to connect,
  I am getting below error:
  Error: Cannot connect to SFTP server. Host=########, port=22, username=#####. Private key store=########, private key alias=piPKCS12. Timeout=300000 msecs. Absolute home directory=.: KeyStoreException in Method: getPrivateKey( KeyStore, String, String ). The requested keystore type is not available in the default provider package or any of the other provider packages that were searched. (Software version: 3.0.14.2)
  Please provide your inputs.
  Regards,
  Sachin Dhingra

  Hi,
  The first thing you have to do is use the same userid and the pwd and try to connect to the vendor system from your application layer and see if this is connecting or not. If there is a problem in connection then there are few steps that you have to follow. Below are the steps you need to follow:
  1. Open the port from your Vendor side as well as open the port from your XI system(there might be two ports)
  2. Generate the key of your vendor system and one you started login to the system then it will ask to instal the key , so acept it.
  the IS people can help you out over here.
  3. Try to push the one dummy file in that location manually using the command in application layer.
  4. check the authorization in the target directory and try to provide the proper authorization,, 777 is used for full authorization.
  5. use the same useid and the pwd and then try from your xi system processign a dummy file.
  hope this helps.
  cheers,
  jay

• Receiver SFTP adapter giving spaces between characters in the Output file

  Hi PI Experts,
  My Scenario is: Paymul (EDI file ) ECC -> PI -> SFTP server.
  Source Sender File adapter able to pickup this Paymul D96A file and able to send messages to target SFTP server using SFTP receiver adapter.
  But, Generated Output file having single space between each character. I am not using any content conversion modules in Receiver SFTP adapter.
  Also not having any mappings to transform the messages. it is just pass through interface.
  I have attached example Output file. I have changed the .Dat file to .txt just to attach here.
  Could any one try to help me on this. Please let me know incase need any more details.
  Thanks,
  Govindu.

  Hi Govindu,
  Please see if the below Endcoding settings wont resolve your issue.
  File Type - Text
  File Encoding - ISO-8859-1
  Regards,
  Jannus Botha

• Query regarding sftp adapter

  Hi
  Is there any way we can use dynamic configuration with sftp adapter ?
  Requirement is that I need to retrieve input file name and use that somewhere
  but for sftp sender I could not locate adapter specific message attributes.
  Does that mean its impossible to retrieve file name during runtime?

  Hi Akhil
  have  a look on this links
  Standrad File adapter shipped with XI does not support SFTP. You can may be consider using FTPS ( File Transfer Protocol using SSL/TLS ).
  Check this link for further info,
  http://help.sap.com/saphelp_nw04/helpdata/en/0b/9a50465ccf84479e39a6d50c90fb3f/content.htm
  For HTTPS and FTPS, you need to define if your communication will have certificate authentication, user authentication, none or both. User/password you enter in the adapter parameters, it's simple. For certificates, you need to import (load) it on Key Storage service, service_ssl view, on Visual Administrator (or create the key pair certificate on XI and then sign then on some Certification Authority, on the same service). Check http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for further information.
  HTTPS / SFTP with XI
  Need Some Pointers for adapter development
  there's a sample adapter shipped with the XI
  /people/gowtham.kuchipudi2/blog/2006/01/04/testing-sample-adapter
  Fle Adapter connection to SFTP server ove SSH
  sftp adapter creation
  Thanks !

• Receiver SAP SFTP adapter-errorlog on SFTP server

  Experts,
  I am using receiver SAP SFTP adapter to connect to an SFTP server and send files.Receiver SFTP server is a VMS system.I could able to write the files to home directory of the user that has been given,but apart from writing the files I am seeing warning log file in the the target folder on SFTP server like below description.I am giving dot(.) in the file path to write the files to the default directory that has been assigned to the user given by receiver SFTP server team.
  WARNING: ssh_file_server_receive_proc: platform cannot stat() filename /home/dir1/dir2 ./TestFile(TestFile is my file name) .
  Just to test,we placed files in the receiver SFTP server using same user and password as the PI recv SFTP channel with command line and winsCP client tool,but we don't see any error logs on the server with WinSCP tool or command line transfer of the files.Log file with above  warning is generating only when we place files on the server using SAP SFTP adapter in the recv channel of PI.
  Please let me know,if you have any insight or seen similar issue.
  Thank you,
  Sri

  Hi Poonam - Blogs on SFTP : Just search for SFTP and filter by blogs/documents.. you can find many..
  >>> http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/305eeb5b-81e7-2f10-d8aa-9216de04ca3e?QuickLink=index&overridelayout=true&57075820413417
  http://scn.sap.com/docs/DOC-35572
  I read in some of the SDN forum that SFTP adapter doesnt have the capability to read the files from multiple directories. So, if we get any requirement to read the files from multiple directories using sftP, why could be a possible solution for this requirement?
  >>> Yes. It is only possible with NFS.
  You have to define multiple channels/interfaces...

• Seeburger SFTP adapter

  Hi
  I want to transfer the file from one location to another locatoin through Seeburger SFTP adapter, is it possible?, If yes could you please suggest how to do and provide any documents/links.
  By using File adapter we can send the data
  /people/william.li/blog/2006/09/08/how-to-send-any-data-even-binary-through-xi-without-using-the-integration-repository
  Like this i want to send the data through SFTP.
  Thanks
  Ramesh

  I had a same question long time back.
  The way to do this is - Exchange the server keys ( Your admin can generate it)
  Install the keys ( server keys ) from the target system in your source server ( where you have SFTP adapter installed). If you have user id and password you can choose in the drop down of the SFTP adapter.
  Yes, FIle adapter is configured to pick the file and virual receiver.
  Another pointer was - there are some fields which are mandatory like mapping where you can use DUMMY.
  To send to the target - configure the receiver adapter.
  Make sure your fire wall is open for the port needed for SFTP.
  -Sanju

• BizTalkServer 2010 SFTP Adapter from CodePlex - Configuring send and receive locations with SSH public and private keys

  Hi there,
  I am looking for step by step instrcutions on how to configure SFTP Codeplex adapter for both receive and send ports.
  Out business partner with whom we push/poll the files from wants us to use SSH encryption/decryption etc.
  Just wondering if the following functionality is supported in Codeplex SFTP adatper without having to write any code.
  Appreciate if there is manaul to do this for SFTP. BTW I do have all the our public and private keys and business partners Public key for configuring.
  For Send port: 1. we would need to encrypt the file with our business partners public key
                        2. sign the file with our private key.
                        3. Send the file through to SSH client which eventually transfers to Remote server.
  Receive port:   1. Connect to SSH Server with SSH-2 key and receive the file
                        2. Verify the file's digital signature agaisnt the Business partners PGP public key
                        3. Decrypt the file using our PGP Public key
  Thanks in advance

  Yes it is supported.
  You can find its documentation in this link 
  You can find section X.509 Certificate Identity Keys
  You can set public and private key in property SSH Identity thumbprint  of send and receive port
  I prefer to test it using client tool like
  FileZilla or WinSCP then test it using sftp adapter
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

• Key based authentication issue in SFTP adapter

  Dear Experts,
  We have a scenario ECC -->SAP PI 7.0-->SFTP server where we are trying to connect to the SFTP server with a Advantco(3rd Party) SFTP adapter. We have placed our private key in a local folder in PI server (not using Net Weaver Key Store) and shared corresponding OpenSSH public key to the trading partner maintaining the SFTP adapter. However, while trying to connect the server through PI, we are getting “com.jcraft.jsch.JSchException: Auth fail” error. Our basis team has confirmed that the SFTP server is reachable when they are trying manually having the same key-pair, but only our SFTP adapter is not able to connect.
  Could you please tell me if we are missing any part of configuration? Like any specific location we need to place the private key in PI server?

  It's solved now. there was some problem related to passphrase we were giving at the time of generating the key. We have generated a key pair without passphrase and the adapter can reach the target SFTP server properly.
  Thanks,
  Soham

• SFTP ADAPTER : PARAMETERS

  Hi,
  I am using a third party SFTP Adapter(Advantco) in my proxy to file scenario.
  When I put the Authentication Type as Public Key,I need to give additional input parameters lik:
  Type of Key Storage: Local File Syatem / Netweaver Key Storage
  Private Key File: ________
  Passphrase: _____________
  what does these parameters inply????
  Why do we use  a public key a authentication???/
  Regards,
  Sriparna
  Edited by: sriparna1 on Oct 8, 2010 12:46 PM

  Hi,
  I think you need to use the certificates to encrypt and decrypt the data and the public key will be available in this certificates.
  Looks like comms channel is looking for the certificate file.
  Regards,
  Vishal

• SFTP adapter Configuration help:

  Dear All,
  I am trying to configure SFTP (seeburger) in sap PI.
  I want to know how to connect SFTP adapter of seeburger with an SSH sever. (I have installed free SSH Server in my laptop).
  How to connect using SFTP SETTING as
  AUTHENTICAION Method: Private Key authorisation
  how to generate/use private key.
  Please Advice,
  Prakash
  Edited by: senthilprakash selvaraj on Jan 20, 2010 6:42 AM

  Dear All,
  I have installed SSH server and genreated the RSA key in Visual admin and i have configured the SFTP adater properly.
  Now i have a different issue.
  In Communication channel monitoring once i start the channel(SFTP) i am not getting any message. Its just saying Channel started and thats it. nothin else is coming.  not even throwing any error. what should i do. why its happing like that.
  I Tried with Authentication mode as Private Key as well as Password. in both configurations are proper.
  also i tried refreshing the cache..no use.
  Please help,
  Senthilprakash

• Can we make server fingerprint field optional instead on mandatory in SFTP adapter

  Dear All,
  We are integrating SAP HCM with Success-factor only for Employee profile as client is only using the "SF PMS" module.
  ABAP program(installed through SH addOn provided by SAP) is generating the Employee profile ".csv" file.
  I am developing a bypass scenario to transfer that ''.csv" file to SuccessFactors SFTP server. However, SuccessFactors SFTP server team is not ready to provide me their "server fingerprint", and they are claiming this info is not required to develop interface in PI. The Authentication mode in SFTP communication channel is "Password" based instead of "Private key".
  Experts please help me understand is there any possibility to make this field optional? if not what else I can try here?
  Thanks,
  Farhan

  Hi Farthan,
  Server Fingerprint is the mandatery field to fonfigure the SFTP adapter. kindly check with your admin team to login thorough CoreFTP, it will be genarte and display the Server fingerpring.
  please go through the below log.
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/04/11/sap-sftp-sender-adapter-a-quick-walkthrough
  Regards
  Srinivas

• Self Generated certificate validity issue in ACS 4.0 for Windows

  Hi,
  Is there any solution to extend the validity time of self generated certificate on ACS, by default the validity is set for one year.
  As the server certificate on one of the ACS which is CA has expired and need to renew it.
  Is it possible only one certificate from third party can be used both as a server certificate and certificate from CA for other ACS servers.
  Thanks in Advance
  Regards,
  Ahmed

  Other solution would be to create an in house(Microsoft probably) CA, and get a certificate for your ACS server. Go through the installation steps of Microsoft CA before, as the validity date for Server Certificate(i guess) is configured during initial install of CA.
  Regards,
  Prem

• Dynamic filename creation with Seeburger's SFTP adapter

  Hi Experts,
  I read in one of the forum that Seeburger's SFTP adapter supports dynamic configuration.
  My requirement is i need to dynamically create a file name and put it into a predefined folder(of a third party system) with SFTP adapter.
  Can any one help me with some blogs/Materials on this?
  Thanks,
  Niranjan

  HI,
  Have you look into the blogs mentioned in below forum
  How do we do File content conversion using SFTP SEEBURGER Adapter
  Thanks
  Swarup