3711618 - Client Authentication EKU Deprecation - Impact to Inbound scenarios to SAP Integration Suite / Cloud Integration / API Management

Symptom

You have received a notification mail with title "[Action Required] Client Certificate Authentication change for Inbound communication", advising the deprecation of Client Authentication EKU and its impact to Cloud Integration / API Management service.

The purpose of this KBA is to provide clarification on the actions required on customer side in relation to this.

Note: This article covers only Inbound scenarios to SAP Integration Suite / Cloud Integration / API Management service.
For Outbound scenarios, see SAP KBA 3716130 - [Cloud Integration] Change in Root Certification Authority for SAP Default Certificate.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

Cloud Integration
API Management
SAP Integration Suite
SAP Business Technology Platform

Product

API Management all versions ; Cloud Integration all versions ; SAP Business Technology Platform all versions ; SAP Integration Suite all versions

Keywords

Client Certificate Authentication, Client Certificate, SSL, 2-way SSL, mtls, PKI, X.509, authentication, Extended Key Usage, EKU, HTTP 401, OpenSSL, 26, unauthorized, Cloud Integration, CPI, SAP Integration Suite, Runtime, Sunsetting the client authentication EKU , KBA , LOD-HCI-PI-OPS , Cloud Operations , OPU-API-OD-OPS , Operations , Product Enhancement

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.