Vendor Invoice Management (VIM) for SAP is an OpenText solution which automates and optimizes the processing of vendor invoices within the SAP environment.
VIM Invoice Workplace, as accessed by the transaction, /n/OPT/VIM_WP, or the Fiori app, ‘VIM Invoice Workplace’, provides a central interface where users can manage and process VIM-related documents. It is essentially used by accounts payable staff, procurement teams, and managers to manage their vendor invoices in one place, helping to streamline the invoice-to-payment process.
In the VIM Invoice Workplace, both in Fiori as well as in GUI, there is a pane available in the bottom right of the screen, which shows the preview of the VIM document, which helps a great deal in quickly navigating and processing a large number of VIM documents. Although a full view button, ‘Display Image’ is available to launch the maximized document in a new window.
If secure communication (TLS) is not enabled between the SAP S/4HANA system and the OpenText WebViewer server, the preview pane will not show the VIM document being processed in the same screen, both in the GUI and the Fiori app since the preview feature accesses the document over HTTPS only. This will create considerable inconvenience for the key business users, who are required to manage multiple VIM documents on a regular basis, impacting their productivity.
In order to resolve this issue, we are required to enable secure TLS (formerly / interchangeably SSL) connectivity between the S/4HANA system and OpenText Webviewer server, which requires changes both in the SAP system as well as the OpenText server.
Without the secure communication being enabled between the S/4HANA system and Opentext Webviewer server, we will not see any error message in the SAP GUI screen, whereas in the Fiori app the error, ‘Mixed content: This request has been blocked; the content must be served over HTTPS.’ is observed in the browser console logs (ctrl+shift+i).
To enable SSL/TLS connectivity between the S/4HANA system and OpenText Webviewer server the following are the two key steps to be performed.
I. Implementation of HTTPS protocol on the OpenText Webviewer server by deploying a SSL/TLS certificate.
In our environment, we deployed the SSL/TLS certificate in the OpenText Webviewer server by performing the following steps.
1. Generation of Certificate Signing Request (CSR) for the SSL certificate using DigiCert Certificate Utility for Windows (‘Digicertutil.exe’)
The following fields are to be filled-in, as appropriate:
Common Name:Primary FQDN
Subject Alternative Names: Secondary FQDN (logical/ virtual hostname) of the Webviewer server.
Organization: Full official name of of our organization
Department: IT
City:City of our organization HQ
State: State of our organization HQ
Country:Country of our organization HQ
Key Size: Strength of encryption – chosen the default value of 2048 bits
2. The CSR obtained in the previous step is shared with the Certifying Authority who would sign it and share it in .cer format along with the ‘Root’ and ‘Intermediate’ certificate files.
3. Install the ‘Root’ and ‘Intermediate’ certificates under the ‘Root’ and ‘Intermediate’ paths in the Keystore Java Keytool (‘keytool -import -trustcacerts..’) and verify the same using the certilm.msc Windows utility and also add the ‘Root’ and ‘Intermediate’ certificates to the ‘/certs’ path (<Tomcat home>\certs>).
4. Install the Signed CSR (the obtained SSL/TLS certificate) in the Keystore using the Java Keytool (‘keytool -import -trustcacerts..’) and verify the same using the certilm.msc Windows utility
5. Export the installed SSL certificate from under ‘Personal’ Certificates as a .pfx certificate file with a password, in the certilm.msc Windows utility
6. Add the XML rule in the ‘<Connector/>’ tag for enabling HTTPS protocol with the path of the exported .pfx certificate along with the Keystore path and password, as obtained in the above step, in the configuration file, ‘server.xml’ available under <Tomcat home>\conf path in the OpenText ILM Windows server.
7. Restarting the Apache Tomcat service from Windows Services (services.msc)
8. Testing the secure HTTPS connection in the browser by launching the Tomcat and WebViewer URLs over the HTTPS port – 443
II. Allowing the SAP S/4HANA system to communicate with the OpenText WebViewer server over HTTPS protocol.
In order to allow secure communication from the WebViewer server, we have to specify the HTTPS port of WebViewer service on which it is available post enabling SSL in the above step, and also select the ‘Use HTTPS Protocol’ checkbox for the particular Content Repository of the OpenText WebViewer service in the table, /IXOS/OA_CUST_A in the S/4HANA system via SM30 table maintenance.
Please note that this change requires client-opening.
Consequently, the connectivity between SAP S/4HANA and OpenText WebViewer server will now be successfully established via HTTPS.
The VIM document preview will thus be available in the preview pane in the VIM Workplace both in Fiori as well as in GUI.
