Skip to Content

SAP DBTech JDBC: [5643]: Private key provided with own certificate is missing or invalid

Hello,

I'm learning HCP and wants to follow steps of this blog “Play It Again, SAML” - How to Set Up SAML Authentication For Your SAP HANA Cloud Platform Trial InstanceI'm stucked at this step "Register the Service Provider Certificate".
Error message I receive is:

Could not execute 'ALTER PSE TrustMe SET OWN CERTIFICATE '-----BEGIN CERTIFICATE----- ...'

SAP DBTech JDBC: [5643]: Private key provided with own certificate is missing or invalid

Please note that I'm using the existing opensap tenant database as it is not possible to create new ones per SAP HANA Cloud Platform

Can anyone help me to execute this ALTER command on my Eclipse IDE (SAP Hana Administration Console plugin) ?

Thanks

Jacob

error.png (101.7 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Aug 19, 2016 at 01:03 PM

    Monsieur ZITTOUN,

    Il doit y avoir un problème car je reçois ce mail sans être concerné !

    Cordialement,

    Pascal ANDRE

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 19, 2016 at 07:20 PM

    Hi Jacob,

    the error message seems to imply that the private key is missing from the own certificate you are trying to create.

    It should directly follow after the

    -----END CERTIFICATE-----

    line and be enclosed in the tags:

    -----BEGIN RSA PRIVATE KEY-----

    and

    -----END RSA PRIVATE KEY-----

    All this needs to be in a single long multi-line string as argument for your ALTER PSE TrustMe SET OWN CERTIFICATE statement.

    Best regards,

    Oliver

    Add a comment
    10|10000 characters needed characters exceeded

    • Hello Oliver,

      Thanks for the tip but both sections BEGIN CERTIFICATE/END CERTIFICATE and BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY were present in the ALTER PSE command 😉

      I finally sorted out the problem: the CN subject attribute was filled out incorrectly when generating the certificate files with openssl !!!

      Now a new question arises to continue my learning (section Register Your Service Provider Metadata in the IDP of the blog) : is there a way to connect to an SAP Cloud Identity Administration Console ?

      Thanks

      Jacob

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.