Skip to Content

How to implement certificate lifecycle management for AS ABAP by using Secure Login Server?


Automatically renew long-lived X.509 certificates, which are stored in the trust manager of SAP NetWeaver Application Server for ABAP

A background job in the AS ABAP monitors the certificates, detects the expired ones, and requests their renewal.Certificate life-cycle management is a function that enables to directly renew certificates (in PSEs).


I'm trying to implement a certificate lifecycle management using Secure login Server, I have already found some information about this topic in Handbook (Secure Login For SAP SSO 3.0) section (4.15) .
This is what I have so far done, but an Error Happens, Please see the Implementation steps and can anybody help me?

At fist in Transaction (Strust) I created SSL Anonymous PSE and there I imported TLS Certificate.Then I created SSL client Standard. See link please Certificate Lifecycle Management, Part 2/2

And now in Secure Login Administration Console:
First: I have configured the application Server Authentication Type "Registration Agent" step by step as in Guide.




Second: I have configured the application Server Authentication Type "Application" step by step as in Guide. the same steps like in Registration Agent, different in two things see photos



and now I set up the application Server Profile Group for Multiple Application Servers for ABAP/SAP Systems (ABAP) as in Guide.

After all last steps, I saved all and in SAP GUI via Transaction SE38 i wanted to run the Report SSF_CERT_ENROLL.
I created Variant for this Program and clicked on Execute.

I entered the the metadata URL from the Secure Login Server in the SLS Metadata URL field,and my username and password

At this stage, I crashed with this Error and I cannot go Ahead.

Therefore, I would like to ask for advice if any area I should be further try to resolve this issue.

Thank you for your help and support.


1.png (46.7 kB)
2.png (58.4 kB)
3.png (64.5 kB)
4.png (62.5 kB)
application-5.png (59.6 kB)
application-3.png (57.3 kB)
6.png (49.7 kB)
7.png (21.2 kB)
9.png (13.2 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    May 02, 2018 at 03:24 PM

    Hi Abdullah,

    i tried to perform the steps outlined in the manual and have similar issues to enroll the Registration Agent certificate.

    Here is the error message I have when executing the Report SSF_CERT_ENROLL.

    I have changed the the authentication configuration for the RA profile to ticket or basic and absolutely entered the correct user id.

    SAP - any ideas what could be wrong?

    Thx. Cheers, Carsten

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 09, 2018 at 05:03 PM

    Hi Abdullah/Carsten

    I am getting same error and trying to update the authentication configuration for RA on the Java side.

    What should be the setting ? Your help will be much appreciated.

    Thanks & Regards,


    Add comment
    10|10000 characters needed characters exceeded

  • Feb 21 at 07:45 AM

    Hi Abdullah/Carsten/Premjit
    Im facing the same issue. I followed the implementation guide concerning "Registration Agent" and "Application" but i got the same error as Carsten (Invalid user name/password: {"certificate template ...)
    Did anyone of you resolve the problems?

    Thanks an Regards

    Add comment
    10|10000 characters needed characters exceeded