Welcome to How to configure HTTPS Inbound Connection in Cloud Integration Cloud Foundry using Client Certificate Authentication Step-by-Step.

In this whitepaper you will find all the details that are needed to let you configure an HTTPS Inbound Connection in Cloud Integration and the ability to create an RFC connection and establish the connection from S/4HANA on-Premise or NetWeaver to Cloud Integration.

There are many blogs in our community that talks about how to configure and implement this setup. However; one section that was missing which is how to generate the client certificate and install it in S/4HANA on-Premise system and configure an RFC connection. For that reason this whitepaper has been created to show you all the steps that are needed in order to configure the RFC connection using Client Certificate Authentication and establish an HTTPS connection to Cloud Integration on Cloud Foundry.

As well the whitepaper will show you how to configure POSTMAN and test with

• Basic Authentication
• Client Certificate Authentication

In this whitepaper, you will find the following:

Chapter 1 – Overview

• Architecture
• Creating the Integration Flow
• Testing the connection with Basic Authentication using POSTMAN

Chapter 2 – Configuring Integration Flow with Client Certificate

• Generate Client Certificate .PFX file using SAP Passport
• Download the Load Balancer Certificates
• Generate Client X.509 Certificate
• Configuring Client User Certificate to an Instance
• Testing Certificate Authentication with POSTMAN

Chapter 3 – Configuring Backend

• Adding Client Certificate to STRUST
• Adding X.509 CAs Certificates to the Trust Manager Certificate Trusted List
• Configuring RFC Connection
• Test RFC Connection

Chapter 4 – Troubleshooting

• Error 1 – You are not authorized to perform this operation
• Error 2 – RFC connection Error SSL Handshake error
• Error 3 – STRUST Add to Certificate List is grayed it out
• Error 4 – Using trial account, Client Certificate Authentication is failing

This whitepaper can be found in the following WiKi:

Note: Please refer to the following KBA that address the new changes in configuring client user certificate to an instance in Chapter 2. 3281113 – Grant-type “client_x509” missing when creating an Instance in BTP Cockpit – SAP ONE Support Launchpad