 |
| ||||||||
What are the customer specific changes required for SAP Integration Suite, managed gateway for spend management and SAP Business Network - Certificate Replacement, TLS deprecation and Cloud Connector?
* All the changes were postponed to October 26th - at the same time. *
1. SAP Integration Suite, managed gateway for spend management and SAP Business Network Client Certificate Replacement:
This change is for all customer using certificate based authentication or use encryption/signature of their payloads(Suppliers using AS2), this is independently of whatever they use to connect to Managed Gateway for Spend&Network.
When will the change occur?
Oct 26, 2020 12:00pm – 3:00pm PST/ 9:00 PM -12:00 AM CET
What is changing?
SAP Integration Suite, managed gateway for spend management and SAP Business Network is separating the tenant and the load balancer certificate for the test and production environments respectively due to security standards.
- Load Balancer certificates (these are used for Customer to SAP Integration Suite, managed gateway for spend management and SAP Business Network connectivity) – testacig.ariba.com and acig.ariba.com and these are not changing.
- Client Certificates (used for Mutual authentication) / Sign-Verify/Encrypt-Decrypt new URLs are being implemented
- TEST: testacig.ariba.com will be replaced witharibacloudintegration-test.ariba.com
- PRODUCTION: acig.ariba.com will be replaced with aribacloudintegration-test.ariba.com and aribacloudintegration.ariba.com in their test and production environments, respectively
Note: How to Identify Certificate based authentication through CIG?
Go to Managed Gateway for Spend&Network Menu > My Configurations > Connections
Transport Type should be HTTPS and in the section Inbound to Trading Partner, Authentication Type should be Certificate.
What customers are impacted and what customer should do?
Click Customer Impact
Certificates can be downloaded from here
aribacloudintegration-test.ariba.com
aribacloudintegration.ariba.com
2. TLS 1.1 Deprecation, and TLS 1.2 Cipher Suites Hardening:
When will the change occur?
TLS 1.1 Deprecation and deprecation of select TLS 1.2 Cipher Suites on October 26, 2020 between 12:00 PM – 3:00 PM PST/ 9:00 PM -12:00 AM CET
3. SAP Integration Suite, managed gateway for spend management and SAP Business Network Cloud Connector Configuration Change
What is the deadline to complete this change?
Customers are advised to implement these changes anytime starting today, but they must be completed before October 26, 2020 11:00 AM PST / 8:00 PM CET
What is the impact if changes are not completed by timeline above?
Customers will not receive some transactions which will be processed by new instances (tenants).
What is changing?
SAP Integration Suite, managed gateway for spend management and SAP Business Network is increasing the number of Cloud Platform Integration (CPI) instances and therefore customers must register these new instances in order to receive documents from all of them. Following are the new subaccounts that customers must register per environment and Data Center:
|
Region |
Region Host |
Environment |
Subaccount Name |
Remarks |
|
EU |
eu1.hana.ondemand.com |
TEST |
aff5426a3 |
Subaccount already exists |
|
a18a6fc8f |
New subaccount | |||
|
PROD |
a8f3ed22c |
Subaccount already exists | ||
|
ab9e90b64 |
New subaccount | |||
|
a278d9ec7 |
New subaccount | |||
|
a508aae51 |
New subaccount |
|
US |
us4.hana.ondemand.com |
TEST |
xf014edd7 |
New subaccount |
|
x60abf046 |
New subaccount | |||
|
PROD |
b3bcoyxwro |
New subaccount | ||
|
x691dbc6d |
New subaccount | |||
|
x1e1a8cfb |
New subaccount | |||
|
x8713dd41 |
New subaccount |
Who is required to do this change?
All Ariba customers using SAP Integration Suite, managed gateway for spend management and SAP Business Network and SAP Cloud Connector in order to integrate their ERP with SAP Ariba solutions.
How do I add these new subaccounts into my Cloud Connector?
- Log on to Cloud Connector.
- Choose the Add Subaccount button.
- Enter the <Region> as listed above.
- Enter the <Subaccount> as listed above.
- Enter the <Subaccount User> (P-user) and <Password> (these are the values you obtained when you enabled CIG).
- (Optional) Enter <Display Name>.
- (Optional) Enter <Location ID> (use the same LocationID that you had previously configured in CIG)
- (Optional) Enter <Description>.
- Choose Save.
- Repeat from step 2 per account associated to the datacenter that you are connected.
- Click Cloud To On-Premise link to provide the virtual mapping to the internal system to all the new subaccounts created as the old subaccount.
- Maintain URL and Access policy as Old Subaccount.
Note: Do not disconnect the old subaccount, just add the new subaccount and check if it is Reachable.
4. Profile parameter change in ERP to Support SNI (Server Name Indication)- Mandatory
Connectivity from ERP to Managed Gateway for Spend&Network fails with SSSLERR_SERVER_CERT_MISMATCH
How to confirm and test if the SNI (Server Name Indication) extension is active in my ERP?
Please go through the below links for more information.
Certificate Installation steps PI
Certificate Replacement September 20-21
Download new Certificates
TLS 1.1 Deprecation, and TLS 1.2 Cipher Suites Hardening
NetWeaver Application Server: How to configure strict TLS 1.2
Cloud Connector Configuration Change
SAP Integration Suite Managed Gateway > Managed Gateway for Business Network SCC > Managed Gateway for Buyer Business Network SCC