
The submitted Distiguished Name (DN) does not match the DN

former_member312687
Discoverer
0 Kudos

Hi,

We are changing the server on which the SAProuter was installed. That is, the private IP address of the SAProuter will be changed.

The public IP address will, however, remain the same.

So far, we have downloaded SAPCAR, SAPCRYPTOLIB and SAPROUTER from the service marketplace [on the new server] and extracted them in the /usr/sap/saprouter folder -> extraction done and the environment variables have been adjusted.

On our previous server this is the distinguished name, which we can see from https://launchpad.support.sap.com/#/saproutercertificate

CN=SAPIDES, OU=0000765484, OU=SAProuter, O=SAP, C=DE

E:\usr\sap\saprouter>sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -noreq -p local.pse -x India@123 "CN=SAPIDES, OU=0000765484, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "E:\usr\sap\saprouter\local.pse".
Supplied distinguished name: "CN=SAPIDES, OU=0000765484, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok

E:\usr\sap\saprouter>sapgenpse get_pse -v -onlyreq -r certreq -p local.pse -x India@123
Opening PSE "E:\usr\sap\saprouter\local.pse"...
No SSO credentials found for this PSE.
PSE (v2) open ok.
Generating certificate request... ok.
Certificate Request:
Signed Part:
Subject: CN=SAPIDES, OU=0000765484, OU=SAProuter,
O=SAP, C=DE
Key: rsaEncryption (2048 bits)
Attributes: None
Signature:
Signature algorithm: sha256WithRsaEncryption (1.2.840.113549.1.1.11)
Signature: <Not displayed>

After this we went to https://launchpad.support.sap.com/#/saproutercertificate and clicked on SUBMIT CSR -> then copy-pasted the contents of certreq into the service marketplace and requested the certificate.

Getting the following error:

The certificate for your SAProuter cannot be issued. Reason: The submitted Distiguished Name (DN) does not match the DN contained in the request for the SAProuter certificate. Solution: Submit a Certificate Request (CSR) with the correct DN for the selected SAProuter. Click on "Request a certificate for SAProuter again" button:

WHICH DN SHOULD WE USE ??

PLEASE SUGGEST

Accepted Solutions (0)

Answers (12)


Dear All,

Generate the certificate as below and the mentioned error will not happen.

1. sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -noreq -p local.pse -x <pse password> "<Distinguished Name>"

2. sapgenpse get_pse -v -onlyreq -r certreq -p local.pse -x <pse password>

b) Display the output file "certreq" and with copy & paste (including the BEGIN and END statement) insert the certificate request into the text area of the SAProuter application from which you copied the Distinguished Name.

c) In response you will receive the certificate signed by the CA in a new text area in the SAProuter application. Copy & paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.

d) With this in turn you can install the certificate in your SAProuter by calling:

sapgenpse import_own_cert -c srcert -p local.pse -x <pse password>

3. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_SAProuter>, the credentials are created for the logged in user account):

sapgenpse seclogin -p local.pse -x <pse password> -O <user_for_SAProuter>

Note: If you chose to generate a new PSE previously and you are replacing an old PSE file, then make sure to delete the old credential first:

sapgenpse seclogin -d <number of the old credential>

4. This will create a file called "cred_v2" in the same directory as "local.pse".

5. sapgenpse seclogin -p local.pse -O Administrator

6. sapgenpse get_my_name -v -n Issuer

7. sapgenpse get_my_name -n validity

admlan
Member

Just use Internet Explorer.

Make sure there is no blank line after the --- END CERTIFICATE REQUEST ----

andrevo
Explorer
0 Kudos

This solved the issue.

nerijus_sutas2
Newcomer

Hi,

I've faced the same.

Don't copy-paste the CSR content to the clipboard from RDP; copy the file to your PC, then open it.

Somehow the contents of the clipboard get messed up when copying from RDP.

0 Kudos

The way to solve this problem is to copy the certificate response on the same machine as the browser logged on. Do not copy over a Remote Desktop session, as this will not work.
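
The paste problems reported in the replies above (a blank line after the END line, clipboard contents changed over RDP, missing BEGIN/END statements) can be checked before submitting the CSR. The following is an added example, not part of any reply and not SAP tooling; the function names are hypothetical, the usual PEM `BEGIN/END CERTIFICATE REQUEST` markers are assumed, and the sample text is constructed filler rather than a real request.

```python
import base64
import hashlib
import re

BEGIN = re.compile(r"^-+BEGIN CERTIFICATE REQUEST-+$")
END = re.compile(r"^-+END CERTIFICATE REQUEST-+$")

def inspect_csr(text):
    """Return (findings, SHA-256 of the decoded request or None)."""
    findings = []
    lines = text.replace("\r\n", "\n").split("\n")
    begins = [i for i, line in enumerate(lines) if BEGIN.match(line)]
    ends = [i for i, line in enumerate(lines) if END.match(line)]
    if len(begins) != 1 or len(ends) != 1 or begins[0] > ends[0]:
        return ["BEGIN/END lines missing, duplicated or altered"], None
    if begins[0] != 0:
        findings.append("text before the BEGIN line")
    tail = lines[ends[0] + 1:]
    if tail not in ([], [""]):  # one final newline is fine
        findings.append("blank line or other text after the END line")
    body = "".join(lines[begins[0] + 1:ends[0]])
    try:
        # validate=True rejects spaces, non-ASCII and any other stray character
        der = base64.b64decode(body, validate=True)
    except ValueError:
        findings.append("body is not clean base64")
        return findings, None
    return findings, hashlib.sha256(der).hexdigest()

def compare_paste(file_text, pasted_text):
    """Findings for the pasted copy, checked against the certreq file's text."""
    _, want = inspect_csr(file_text)
    findings, got = inspect_csr(pasted_text)
    if want and got and want != got:
        findings.append("decoded request differs from the certreq file")
    return findings

def make_sample(der=bytes(range(96))):
    """Constructed PEM text; the payload is filler bytes, not a real request."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE REQUEST-----", *rows,
                      "-----END CERTIFICATE REQUEST-----"]) + "\n"

if __name__ == "__main__":
    good = make_sample()
    rows = good.split("\n")
    cases = {"clean": good, "blank line after END": good + "\n",
             "space inserted": "\n".join([rows[0], rows[1][:10] + " " + rows[1][10:], *rows[2:]]),
             "character changed": "\n".join([rows[0], "B" + rows[1][1:], *rows[2:]])}
    for name, pasted in cases.items():
        print(f"{name}: {compare_paste(good, pasted) or 'ok'}")
```

In practice `file_text` would be the contents of the certreq file read on the SAProuter host and `pasted_text` the text saved from the browser's text area before submitting.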

0 Kudos

All above replies are valid and several have solved my issues in the past. Today, however, none of them worked.

It suddenly worked when I accessed SAProuter application using an "incognito" browser window.

Good luck to everyone and happy setups!

andrevo
Explorer
0 Kudos

I have the same problem using Chrome.

gurpreet
Explorer
0 Kudos

FYI: I had this problem when using IE and the new Edge. It worked with Chrome; go figure.

My suggestion would be to not leave out a browser if you have this issue.

robsolomon
Explorer
0 Kudos

I had the same problem and tried Xavier's approach and it worked for me too. MSIE, Chrome and even Firefox didn't work. I don't know what the real problem is, but Edge was the solution.

xlazaro
Explorer
0 Kudos

Same problem for me, using Microsoft Edge instead of Google Chrome solved it.

Former Member
0 Kudos

Hi,

Did you end up solving that issue? I have the exact same issue and I think this is due to SAP changing the method of providing certs.

Regards,

Ryan

janos_czettler
Participant
0 Kudos

Hi!

Exactly the same issue here during a certification request. It always worked okay. I never saw that.

Did you get any solution for this?

Thanks!

Regards,

Janos