Hi Raghuraman,
The flow is both ways, from SFDC to SAP and vice versa too.
I though we were only suppose to add SFDC cert to PI trusted CA.
If the SFDC team is making call to PI,then you should generate and upload keys in PI.
Then share PI keys to the SFDC team.
which keys we need to create in PI and share with SFDC? is this for authentication?
Also will we require any white-listing in PI server or trusted CA is sufficient ?