Hi Wolfgang,

Thanks!

One question is that we have installed SSL certificate at ATD server (ABAP+JAVA 6.40) using STRUST transaction, we have installed LAC (java component) on the same server on j2EE engine. When we are accing this application from SRM server by using secure connection it prompting ICM_HTTPS_SSL_ERROR and it showing invalid certificate (i.e issued to: local host and issued by: local host) actually the certificate what we installed (by using STRUST)at ATD server is issued by versign and it is valid only.

is it necessary to install SSL certificate for J2EE engine also on the same server(ATD) by using keystore service?.

if not can you please help me to solve this problem.

Thanks and regards

Seshu

Hi Wolfgang,

Thanks!

Yes, The LAC application deployed on the j2ee engine. Two SAP server stacks are running (ABAP and J2EE), we have installed LAC on j2EE engine. We have installed SSL certificate on ABAP by using STRUST.

I havent perform PKCS#12 export import. Please let me know the step by step procedure to export and import.

Here one more problem is there that initially while installing SSL server certificate on ABAP, we have deviated the host name to hide the internal host name. But from SRM server we are calling LAC application with orginal host name, so then there is a chance to get error that host name not matching. so please let me know how to over come that problem.

Thanks and regards

Seshu

Thanks and regards

Seshu

Hi Wolf,

Thank you!

Request you to make me more clear, for the following questions.

1.sapgenpse import_p12 -p <PSE filename> <filename>.p12

2.sapgenpse export_p12 -p <PSE filename> <filename>.p12

in above 2 steps which one i have to perform first?. which PSE file i need to export and import (SAPSSLA.pse or SAPSSLS.pse)?. what wil be the <filename>.p12?.

In command propmpt can i follow below path to execute those commands.

usr\sap\<SID>\<instance>\sec\

Please asume orginal hostname of our server is DEV.vr.group.com, but we have installed SSL with the host name EVD.group.com by using STRUST. we have published external URL with the name EVD.group.com and at ISA server we have activated link translator to convert external URL to internal URL. Now for J2EE instance we are importing the same PSE but from SRM server we are calling LAC application with orginal host name, so please suggest me what should i do?.

Thanks and regards

Seshu

Hi Wolfgang,

Thank you!

Request you to clarify the following dought.

In the command prompt, where should i perform the following activity(sapgenpse export_p12 -p <PSE filename> <filename>.p12)?. what is the path i sould follow, to export from ABAP instance?.

can i follow below path?

<drive>;\usr\sap\SID\instance\sec\

and what is the path i should follow to perform the import activity that is (sapgenpse import_p12 -p <PSE filename> <filename>.p12) for java instance

And i have tried to export from above said path but it prompting error that no license ticket found,

I have tried like this <drive>:\usr\sap\<SID>\<Insance>\sec\ sapgenpse export_p12 -p SAPSSLS.pse xyz.p12

is this correct way to export..?

Please help me to solve this problem.

Thanks and regards

Seshu

Hi Wolfgang,

Thanks!

I have exported the keypair from ABAP stack to the j2EE engine successfully.

Actually when i execute below command

f:>sapgenpse export_p12 -p SAPSSLS.pse mynew.p12

i have got "no logon ticket found". Then i run the following command

set SECUDIR= k:\usr\sap\<SID>\dvebmgs00\sec

then i successfully exported the certificate in to the "f" drive.

To import the keypair into J2EE engine, i have followed the below path

After i logon to Visula admin tool>keystorage>ssl-certificate> load>.p12 file from os level.

Thanks and regards

Seshu