Installing a Wildcard Certificate in STRUST

Hi,

I am trying to install a wildcard SSL certificate using STRUST on our ABAP system.

If I try to import it using the "Import Cert. Response" button, I get an error message saying the certificate cannot be installed. I presume this is because my private key does not match the public key of the certificate.

How can I get a wildcard certificate working with my ABAP system? Do I need to somehow change the private key of my system?

Thanks in advance

Accepted Solutions (0)

Answers (2)

Hello,

We also had the scenario where we had purchased a Root-CA signed wildcard certificate for our domain. Most instructions found on the web are about getting a signed certificate via CSR (certificate signing request), which means that the self-signed certificate gets signed by a Root-CA.
Our challenge was to get the already existing SSL server certificate into the ABAP stack's STRUST.

The following notes give a good guideline:
https://launchpad.support.sap.com/#/notes/3040959
https://launchpad.support.sap.com/#/notes/2148457
https://launchpad.support.sap.com/#/notes/1473710

Briefly, the procedure is as follows:

  • The certificate file must be present as a PFX, and the password must be known. If you have a .crt and a .key file, they have to be converted.
  • Using sapgenpse from the "SAP COMMONCRYPTOLIB 8", the PFX is converted into a PSE. Use the full path for the -p parameter, and add the -r parameter for possibly unknown CA roots. Error messages will guide you.
  • It is possible to add a password while generating the PSE file. If a password is used, it has to be entered multiple times during the subsequent steps.
  • Use STRUST, double-click on "File" (lower left) to load and display the PSE, and note down the entry in "Subject" (this is what is called the DN in the notes referenced above).
  • In STRUST, for SSL Server Standard, right-click and "replace", and enter as "Subject" the one that you noted for the generated PSE.
  • To import, call STRUST, double-click on "File" (lower left), then open the PSE file again, then call PSE -> Save as -> SSL Server Standard.
  • In case the STRUST SSL Server Standard contains any instance-specific entries, they have to be removed so that the SSL Server Standard main entry is used. Right-click on SSL Server Standard, then "Change", then remove the instance-specific entries if present.

Good luck & best regards
Peter Mueller
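
The first two steps of the procedure above, preceded by a check for the key mismatch the question suspects, as an added example that is not part of the original answer. It assumes `openssl` is installed, a Unix host, and an unencrypted private key; all file names are placeholders, and `sapgenpse import_p12` is used with only the `-p` and `-r` options the answer mentions, so it prompts for the passwords interactively.

```shell
#!/bin/sh
# Added example: function names and file paths are hypothetical placeholders.

# key_matches_cert CERT KEY
# Returns 0 only if the certificate and the private key carry the same public key.
# Returns 2 if either file cannot be parsed (avoids comparing two empty strings).
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_pfx CERT KEY OUT_PFX PASSFILE
# Builds the PFX only when the pair matches; the password is read from a
# file so it does not show up in the process list or shell history.
make_pfx() {
  key_matches_cert "$1" "$2" || {
    echo "private key does not match certificate: $1" >&2
    return 1
  }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4"
}

# pfx_to_pse PFX PSE_FULL_PATH [ROOT_CA]
# Converts the PFX into a PSE for loading via STRUST "File".
pfx_to_pse() {
  case "$2" in
    /*) ;;                                   # -p needs the full path
    *) echo "PSE path must be absolute: $2" >&2; return 2 ;;
  esac
  command -v sapgenpse >/dev/null 2>&1 || {
    echo "sapgenpse not found in PATH" >&2
    return 127
  }
  if [ -n "${3:-}" ]; then
    sapgenpse import_p12 -p "$2" -r "$3" "$1"   # -r adds an unknown CA root
  else
    sapgenpse import_p12 -p "$2" "$1"
  fi
}

# Typical use (placeholders):
#   make_pfx wildcard.crt wildcard.key wildcard.pfx pfx.pass
#   pfx_to_pse wildcard.pfx /tmp/wildcard.pse rootca.crt
```

Keep the `.key`, `.pfx` and `.pse` files readable only by the account doing the import and delete the working copies once the PSE has been saved into SSL Server Standard.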

AtulKumarJain
Active Contributor
0 Kudos

Hi Stuart,

Please check the thread below; it may help in your case.

https://scn.sap.com/thread/1587251

BR

Atul