on 02-03-2017 3:54 PM
We've set up a Web Dispatcher in our DMZ to enable Fiori to connect through our firewall to a backend Gateway System. When we run https://fiori.abc.com to hit that DMZ server, it needs a certificate for *.abc.com that says that site can be trusted and has been signed by a Certificate Authority. My company uses COMODO RSA to do that signing. I have their three crts for setting this up:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSAOrganizationValidationSecureServerCA.crt
I've tried every sapgenpse import_own_cert method I can think of and none of them work. They all seem to conflict with my Old Certificate in the PSE. I get the error, "No certificate with your public key found in supplied input". That Old Certificate has CN=<FQHN> in it.
Does anyone have an example of how to set up COMODO with sapgenpse?
Do I use the Server PSE (SAPSSLS.pse) or the Client PSE (SAPSSLC.pse)?
DISCLAIMER: I am new to this and barely understand how it all works, but I did get it to work. The Fiori App on your phone will not work if HTTPS is not successful. For the first time, I'm connecting my Fiori App to my backend system inside of our firewall. Woohoo!
First, my company's Web Support Team provided me with a STAR_abc_com.pfx certificate. This is the certificate that says all URLs to *.abc.com are trusted and have been signed by a CA. My first attempts to load that pfx with sapgenpse failed.
sapgenpse import_p12 -p SAPSSLS.pse /tmp/STAR_abc_com.pfx
import_p12: Sorry, but certificate chain is incomplete, need certificate of 'CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, SP=Greater Manchester, C=GB'!
To solve this error, I used the import_p12 command but added my COMODO certs to the string with -r entries. It looked like this:
sapgenpse import_p12 -r /tmp/COMODORSAOrganizationValidationSecureServerCA.crt -r /tmp/COMODORSAAddTrustCA.crt -r /tmp/AddTrustExternalCARoot.crt -p SAPSSLS.pse /tmp/STAR_abc_com.pfx
The -r values must precede the -p value or you'll get syntax issues when they are at the end. Also, you need all three certs in the string. If you just do one, or two of them, it will fail saying it misses the other.
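A pre-import check for the incomplete-chain error discussed in the answer above, as an added example that is not part of the original posts: it walks from the server certificate to the root and prints the CA files as `-r` arguments, or names the issuer that has no file. It assumes `openssl` is installed, all inputs are PEM, and `leaf.pem` (a hypothetical file name) is the server certificate already exported from the .pfx; `cert_field` and `chain_args` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: order CA files from a leaf certificate up to the root and
# print them as "-r <file>" arguments, or fail naming the missing issuer.
# Matching is by subject/issuer name hash only; signatures are not verified.
# Assumes PEM input and file paths without spaces.

cert_field() {  # $1 = -subject_hash | -issuer_hash | -issuer, $2 = file
    openssl x509 -in "$2" -noout "$1"
}

chain_args() {  # $1 = leaf certificate, remaining args = candidate CA files
    current=$1; shift
    args=""
    depth=0
    while [ "$depth" -lt 10 ]; do           # guard against issuer loops
        want=$(cert_field -issuer_hash "$current") || return 2
        # A self-signed certificate is the root: the chain is complete.
        if [ "$want" = "$(cert_field -subject_hash "$current")" ]; then
            echo "${args# }"
            return 0
        fi
        next=""
        for ca in "$@"; do
            if [ "$(cert_field -subject_hash "$ca")" = "$want" ]; then
                next=$ca
                break
            fi
        done
        if [ -z "$next" ]; then
            echo "chain incomplete, no file for: $(cert_field -issuer "$current")" >&2
            return 1
        fi
        args="$args -r $next"
        current=$next
        depth=$((depth + 1))
    done
    echo "chain longer than 10 certificates" >&2
    return 1
}
```

The printed arguments go before `-p SAPSSLS.pse` in the `import_p12` command, in the same issuing-CA-first order the answer uses.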
Thanks, Richard. The solution you have given also worked for us.