Skip to Content

SSL certificate in SAPSSLS.PSE doesnt' match the one in STRUST - SSL Server Standard

I'm trying to replace the SSL Server Standard certificate because ICM HTTPS has a certificate error: https://<server FQDN>:8443/sap/public/icman/ping

So in STRUST, I deleted the old SSL Server Standard certificate and created a new one. Signed it with our own CA and imported it in. Everything looks fine in STRUST. However, the web page is still using the self-signed certificate. I used sapgenpse.exe to check the certificate in SAPSSLS.pse. It is the same self-signed certificate from the web page.

I performed the same steps for "SSL client SSL Client (Standard)" without any problems. The certificate matched with the one from SAPSSLC.pse. Only SSL Server Standard is not matching. Did I miss a step somewhere?

I can use sapgenpse.exe to sign the certificate as a workaround. But that's not my preferred method. Plus because of the mismatch, it will cause confusions and/or problems later. Does anyone know how to fix this?

Thank you

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Apr 21, 2017 at 07:50 PM

    Hi Henry,

    After replacing the SSL certificate in STRUST, you need to restart the ICM, via SMICM -> Administration -> Exit Soft -> Global, in order for the new certificate to take effect.

    Cheers,
    Matt

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Matt,

      I tried that already. I even restarted the SAP instance. The problem is that the certificate listed in STRUST (SSL Server Standard) is not the same as the one in SAPSSLS.pse.

      After signing the certificate in SAPSSLS.pse using sapgenpse.exe, HTTPS works. HTTPS is showing the same certificate in SAPSSLS.pse but not in STRUST.

      Thanks,

      Henry