Skip to Content
0
Oct 17, 2019 at 02:30 PM

PSE Management removes Subject Alternative Names and Certificate Root from my certificate

94 Views

I have created a Certifacte Authority in OpenSSL that generates certificates by copying the Common Name and the Subject Alternative names from the CSR. In local tests with Windows Certificate Viewer and with IIS, the granted certificate functions properly and has all of the properties set precisely as expected.

We are trying to generate an appropriate self-signed certificate for Web Despatch Administrator, PSE Management in Sap Business One. We have created the CSR, signed it via our OpenSSL-based CA and received a certificate which looks good via Windows Certificate Viewer.

When we paste in the CA response certificate above the CA certificate (as outlined in documentation), it appears to function without fault, however the PSE screen's Subject Alternate names is empty. When testing with a prowser we get the authentication root certificate error.

When I check the certificate that was pulled down by Chrome browser, I can see that our CA Certificate does not appear in the Certification Route, and Subject Alternate Names has been removed. Whilst the Common Name is correct, the issuer has been overwritten, the validity is different, the thumb is different. Basically PSE created it's own certificate instead of using the CA response certificate.

Does anybody know what to do to use our proper certificate. FYI, we are using SHA256 2048 bit, and both CA cert and new cert are 100 year leases (not secure, I know, but these are internal testing only, and we don't like them expiring).

Thanks for any help

Mark