- How To Guide -
SEEBURGER AG
Platform: PI
Release: 7.1x/7.3x
Contents
SFTP CERTIFICATE HANDLING
CONFIGURATION ERRORS
APPENDIX
Further Information
26.02.2013
Icons: Caution, Warning, Note, Recommendation, Requirements, Information, Example, Code
Fill in View Name and Description for the new view. Click Create.
Recommendation:
In addition to these two required Keystore Views it is recommended to create a third Keystore
View to store the certificates imported from the SSH (SFTP) servers. This keystore should be
used as the Known Hosts Store in your communication channel settings.
Fill in the Entry Name rsa_ca and check Store Certificate to create a certificate (otherwise only a
private key will be created). Make sure Algorithm RSA is selected. Click Next.
Fill in the Subject Properties. If required, properties can be added or removed by clicking the Add or
Remove button. Click Next.
From there you have to copy the certificate to your Known Hosts keystore.
Importing the SSH (SFTP) public key manually will not work, because the SFTP adapter performs a
transformation on the key and wraps it into a certificate in order to use the PI key storage
functionality.
Select the user seesftp and switch to the Assigned Roles tab in the Details of User pane. Click
Modify.
Search for the Role view-creator*. Select the roles of the Keystore Views:
view-creator.SSH_CA
view-creator.SSH_hosts
Configuration Errors
Errors in the Runtime-Workbench
SFTP client was not able to connect
Error:
Solution:
Check the host name and port specified in your communication channel configuration. Also check your
firewall settings.
Error:
Solution:
Check if the SFTP adapter user (default: seesftp) has the permissions to access the required Keystore
Views. If not, add the necessary roles (see Granting Keystore View access to the adapter user).
Solution:
1. Check if the Known Hosts Store configured in your communication channel settings exists in
the NWA Certificates and Keys: Key Storage and if the names match.
2. Check if the keystore contains the SFTP server's public key certificate.
Note:
By default, the SFTP adapter imports the SFTP server's public key into the SSH_hosts
keystore when the first connection attempt is made. You have to copy the certificate
containing the server's public key to the keystore configured as the Known Hosts Store in
your communication channel settings.
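Because the first connection attempt decides which key lands in SSH_hosts, the imported entry is worth checking against the key the SFTP server operator publishes before it is copied to the Known Hosts Store. The following is an added example, not part of the SEEBURGER guide or adapter: it parses an OpenSSH `ssh-rsa` public key line and compares it with the RSA exponent and modulus read from the imported certificate. It assumes the wrapping certificate carries the server's RSA key unchanged and that you can read its modulus (for example from an exported copy); all function names and the sample key are constructed.

```python
import base64, hashlib

def read_string(buf, off):
    """Read one SSH wire-format string (RFC 4251): uint32 length, then bytes."""
    n = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + n
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def parse_ssh_rsa(line):
    """Parse 'ssh-rsa <base64> [comment]'; return (exponent, modulus, fingerprint)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    e_raw, off = read_string(blob, off)
    n_raw, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data in key blob")
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big"), fp

def same_rsa_key(line, cert_exponent, cert_modulus_hex):
    """True only if the published key equals the certificate's RSA key."""
    e, n, _ = parse_ssh_rsa(line)
    cleaned = cert_modulus_hex.replace(":", "").replace(" ", "")
    return e == cert_exponent and n == int(cleaned, 16)

def mpint(x):
    """Encode a positive integer as an SSH mpint (leading zero if high bit set)."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return len(raw).to_bytes(4, "big") + raw

# Constructed sample, not a real host key: toy 64-bit modulus
SAMPLE_N = 0xC0FFEE1234567891
SAMPLE_BLOB = (7).to_bytes(4, "big") + b"ssh-rsa" + mpint(65537) + mpint(SAMPLE_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"

if __name__ == "__main__":
    print(parse_ssh_rsa(SAMPLE_LINE))
    # Modulus as it would be typed from the certificate details (assumed format)
    print(same_rsa_key(SAMPLE_LINE, 65537, "C0:FF:EE:12:34:56:78:91"))
```

Copy the certificate to the Known Hosts Store only when the comparison returns True; a mismatch means the key imported on first connect is not the one the operator published.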
Solution:
Make sure you use the correct Authentication method to connect to the SFTP server.
1. When Password authentication is used, check the user and password specified in your
communication channel configuration.
2. When Private Key Authentication is used, check the private key specified in your
communication channel configuration.
a. Make sure the private key is present in the keystore configured in the Private key
field in the channel settings.
b. Make sure the certificate with the public key is imported on the SFTP server.
Note:
If the SFTP server is hosted by an external party you have to provide your public key
certificate to this party.
The SFTP adapter is trying to import a new SFTP server public key into the SSH_hosts keystore but
fails to do so because of an already existing entry with the same name. Delete the existing entry and
wait for the adapter to connect again (or force a new connect by stopping and starting the
corresponding communication channel).
Check if the certificate was imported to the SSH_hosts keystore, then switch to your Known Hosts
keystore and copy the newly imported certificate.
Solution:
See SEEBURGER Self Help Document 13369 and follow the steps described.
Appendix
Further Information
Information:
For further information refer to the SEEBURGER Master Configuration Guide and the Adapter
manuals coming with the solution release.