Our integration hub SFTP connection in SAP CX 2105 is failing with a certificate trust error. We’re trying to export customer data to an external SFTP server for our data warehouse integration, but the connection fails immediately with ‘certificate trust validation failed’.
The SFTP server uses a self-signed certificate, and we’ve tried importing it into what we thought was the correct trust store, but the error persists. The connection test in integration hub shows: “Unable to establish secure connection - server certificate not trusted”.
We’ve verified the SFTP server is accessible (we can connect using FileZilla with the same certificate), so the issue is specifically with how SAP CX integration hub is handling SFTP certificate management. The connection configuration looks correct - hostname, port, username are all valid.
This is blocking our nightly data export jobs. Anyone know the proper way to configure trust store for SFTP connections in the integration hub? We need help with SFTP certificate management and integration hub connection setup.
You need to import the certificate into the ‘Integration’ trust store specifically, not the System trust store. The integration hub uses its own trust store for outbound connections. After importing, you also need to restart the integration hub service for the changes to take effect. In SAP CX 2105, there’s a known issue where trust store updates don’t propagate immediately to active connections.
I exported the full certificate chain and tried importing it through the SAP CX admin console under Security > Trust Store Management. The import seemed to succeed, but the SFTP connection still fails with the same error. I’m wondering if there’s a specific trust store for SFTP connections that I’m missing? The admin console shows multiple trust stores (System, Integration, External Services).
Self-signed certificates require special handling in SAP CX. You need to import the certificate into the SAP CX trust store, not just the integration hub configuration. The trust store location varies depending on your deployment model (cloud vs on-premise). For cloud deployments, you typically need to use the SAP CX administration console to upload the certificate.
I’ve dealt with SFTP certificate issues before. The problem is usually that the certificate chain isn’t complete. Even though you’re using a self-signed cert, SAP CX might be looking for intermediate certificates. Try exporting the full certificate chain from your SFTP server (including root and any intermediate certs) and import all of them into the trust store. Also make sure you’re importing to the correct trust store - SAP CX has separate trust stores for different connection types.