Skip to Content
author's profile photo Former Member
Former Member

SSL certificate for ABAP system..Please guide

Hello All,

We have enabled SSL on ABAP system.

Have generated the csr certificates.

We are purchasing the certificates from SAP (https://service.sap.com/tcs)

Issue:

1. In the SAP TCS site, it asks for a URL.

We placed the order having the ITS FQDN URL.

Example: Lets assume its -> https://dev.sap.com with

dev = server name & sap.com = domain

We got an email from SAP saying that it should be https://sap.com (includes just the domain and not the server name)

2. We went with SAP's suggestion & ordered for certificates.

3. We have uploaded them successfully in the ECC system but whenever we access this from portal (for ESS/MSS), we get a security prompt saying that dev.sap.com is not trusted and not a valid certificate

Please guide ...how should we resolve the issue.

Awaiting Reply.

Thanks,

Ritu

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Oct 09, 2008 at 01:35 PM

    Did you order these certificates from SAP, or from one of the trusted root CA's? In order for the web browser to not pop a message about a trusted certificate authority, it must be in the root CA list for the browser. SAP is not a trusted root CA for web browsers.

    Here is a list of the companies in Firefox, for example:

    http://www.mozilla.org/projects/security/certs/included/

    Here is a list for IE:

    http://support.microsoft.com/kb/931125

    There is a way in Windows/IE to install new CA's, but I am not a Windows server guru. Here is a Wiki entry from CAcert on adding new root CAs, but I know nothing about this process:

    http://wiki.cacert.org/wiki/BrowserClients

    Here is my basic rule of thumb for SSL certificates. If the certificate is going between user and server, it needs to be from a valid root CA, or you will get a popup. In non-prod environments, this is probably OK. In prod enviroments, you want a 'real' cert. If the communication is going server to server (ie RFC connections via SNC), you can build a self signed certificate or use the SAP one.

    -rk

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.