Establishing a trusted relationship between SAP and OneList server (Installing a certificate)

Owned by Alex Xie
Last updated: Sept 03, 2020
3 min read

Before SAP can communicate with the OneList server, a trusted relationship must be defined between SAP and the server where OneList resides - this must be done by adding the site's 'signing' or 'intermediate' certificate to the SAP Trust Manager. Follow the steps below (screenshots were taken in Chrome):



Steps in Web browser (Chrome)

  • Start Chrome (or other web browser) and navigate to your OneList approvals site.

  • Click on the 'lock' icon next to the URL, shown below, and then click on the 'Certificate' menu item:

  • Navigate to the Certification Path tab:

  • Once here, you will see the 'site certificate' (*.onelistapprovals.com in this case - yours will be different) and the 'signing' / 'intermediary' certificate (immediately preceding the 'site certificate' ). Select the latter certificate (NOT the site certificate), and click on the 'View Certificate' button:

  • Navigate to the 'Details' tab and click on the 'Copy to File' button:

  • Follow the steps in the export wizard to save to file to your local machine in a folder of your choice. It may ask you in which format to save the certificate - keeping the default option works well:

  • Save the certificate:



    You should get a 'success' message:

Steps in SAP

  • Navigate to transaction STRUST.

  • In the menu tree on the left, navigate to the node for SSL System Client for Anonymous connections, and double click on the server name under that node:

  • At the bottom, on the left, you wil find a button to import a certificate:

  • Using this button, import the signing certificate you saved in a previous step:

  • The certificate details will be displayed on screen, but it has to be added to the certificate list by clicking on the button shown below:



    You should see a success message:

  • Lastly, 'Save' the certificate (standard save button in the top toolbar) to make the addition of the certificate permanent. You should get this success message:

Testing your connection / endpoint

The simplest way to test that your endpoint has been configured correctly and that the certificate has been installed successfully is by using transaction /IQX/OL_ENDPOINT. Configure the endpoint, then use the 'Test Connection' button:

Before

After successful test:

-- END --