cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL error: error Import_own_cert: Installation of certificate failed SHA2 certificate

Go to solution
former_member203029
Participant

on ‎06-22-2015 2:22 PM

0 Kudos

Hi Guys, Currently I am facing an error while installing the SHA2 certificate in SAP Web Dispatcher. Just after updating the SAPCRYPTO to version 8.4.36 there seems to be an issue regarding the installation of the certificate. Used SAPGENPSE to import the SSL certificate As shown it's giving error Import_own_cert: Installation of certificate failed. Am attaching the images for reference, Suggest me a way to make it work. Thanks in advance. Regards, Kaushik G

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-22-2015 7:25 PM
0 Kudos

Kaushik,

The "import_own_cert" is what I use once I have exported my PSE, got it signed by my CA, and then ready to pull back into my PSE.  Like when your SSL cert is about to expire.  Is that what you are trying to do?

NICK

Show replies
Show replies
former_member203029
Participant
‎06-23-2015 11:09 AM
0 Kudos

HI Nick, Exactly. Kaushik

isaias_freitas
Advisor
Advisor
‎06-23-2015 2:47 PM
0 Kudos

Hello,

If you're running a Web Dispatcher 7.42, try managing the certificates through the Web Administration page .

Managing PSE files at the Web Dispatcher - Application Server Infrastructure - SCN Wiki

Former Member
‎06-23-2015 3:27 PM
0 Kudos

Kaushik,

I'm not sure about your syntax on that command.  When I do an import of a signed cert, I grab the whole "chain", not just the .cer.  Also, I see you are doing the "-r" for the intermediate cert.  You can import that later if you wish, or before you do this part.  See what happens if you just did that.

Sort of like this:

./sapgenpse import_own_cert -p YOURPSE.pse -c SignedCertResponseChain.p7b

former_member203029
Participant
‎06-23-2015 5:04 PM
0 Kudos

Hello,

Good to hear from you again , The Web Dispatcher that am working on is 7.3 so can't manage the certificates from the Web Dispatcher Administration Page.

isaias_freitas
Advisor
Advisor
‎06-23-2015 5:26 PM
0 Kudos

Hello ,

I think that nailed it.

I've double checked the screenshots, and the error at screenshot #2 shows that something at the certificate chain is missing.

Answers (1)

Answers (1)

former_member203029
Participant
‎06-23-2015 6:40 PM
0 Kudos

Hi Guys,

Successfully installed the certificates , we Exported the Thawte certificate from Internet Explorer and added it to the below command.

sapgenpse.exe import_own_cert -c C:\Users\wdqadm.SAPWDQ000\Desktop\cert\ssl_certificate.cer -p D:\usr\sap\WDQ\W00\sec\SAPSSL.pse -x **********pin -r C:\Users\wdqadm.SAPWDQ000\Desktop\cert\IntermediateCA.cer -r thawteroot.cer -v

Now I want to check whether the installed certificate is using the SHA256 algorithm or not.

When we check through INTERNET EXPLORER (IE) when we click on the lock symbol we are getting the below result as shown in the image.

Suggest me a way to check weather the installation of SHA256 certificate was successful or not.

Best Regards,

Kaushik G

Show replies
Show replies
Former Member
‎06-23-2015 6:43 PM
0 Kudos

Kaushik,

I see your screen shots.  It looks like the algorithm used is displayed pretty clearly.  "Signature hash algorithm" is sha256...

you see that right?

NICK

former_member203029
Participant
‎06-23-2015 6:55 PM
0 Kudos

Yes NICK ,I see it.

isaias_freitas
Advisor
Advisor
‎06-23-2015 7:12 PM
0 Kudos

Hello Kaushik,

Since the original question has been solved, please close this thread.

I would give the "correct answer" to Nick's reply from earlier.



Kaushik,




I'm not sure about your syntax on that command.  When I do an import of a signed cert, I grab the whole "chain", not just the .cer.  Also, I see you are doing the "-r" for the intermediate cert.  You can import that later if you wish, or before you do this part.  See what happens if you just did that.




Sort of like this:








./sapgenpse import_own_cert -p YOURPSE.pse -c SignedCertResponseChain.p7b

Please open new threads for different questions.

Anyway, the algorithm is defined at the certificate itself. And as you saw yourself, the certificate is informing that the algorithm is sha256.

Cheers!

Ask a Question