Skip to Content

How to implement certificate lifecycle management for AS ABAP by using Secure Login Server?

Apr 30 at 12:43 PM


avatar image


Automatically renew long-lived X.509 certificates, which are stored in the trust manager of SAP NetWeaver Application Server for ABAP

A background job in the AS ABAP monitors the certificates, detects the expired ones, and requests their renewal.Certificate life-cycle management is a function that enables to directly renew certificates (in PSEs).


I'm trying to implement a certificate lifecycle management using Secure login Server, I have already found some information about this topic in Handbook (Secure Login For SAP SSO 3.0) section (4.15) .
This is what I have so far done, but an Error Happens, Please see the Implementation steps and can anybody help me?

At fist in Transaction (Strust) I created SSL Anonymous PSE and there I imported TLS Certificate.Then I created SSL client Standard. See link please Certificate Lifecycle Management, Part 2/2

And now in Secure Login Administration Console:
First: I have configured the application Server Authentication Type "Registration Agent" step by step as in Guide.




Second: I have configured the application Server Authentication Type "Application" step by step as in Guide. the same steps like in Registration Agent, different in two things see photos



and now I set up the application Server Profile Group for Multiple Application Servers for ABAP/SAP Systems (ABAP) as in Guide.

After all last steps, I saved all and in SAP GUI via Transaction SE38 i wanted to run the Report SSF_CERT_ENROLL.
I created Variant for this Program and clicked on Execute.

I entered the the metadata URL from the Secure Login Server in the SLS Metadata URL field,and my username and password

At this stage, I crashed with this Error and I cannot go Ahead.

Therefore, I would like to ask for advice if any area I should be further try to resolve this issue.

Thank you for your help and support.


1.png (46.7 kB)
2.png (58.4 kB)
3.png (64.5 kB)
4.png (62.5 kB)
application-5.png (59.6 kB)
application-3.png (57.3 kB)
6.png (49.7 kB)
7.png (21.2 kB)
9.png (13.2 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Carsten Olt May 02 at 03:24 PM

Hi Abdullah,

i tried to perform the steps outlined in the manual and have similar issues to enroll the Registration Agent certificate.

Here is the error message I have when executing the Report SSF_CERT_ENROLL.

I have changed the the authentication configuration for the RA profile to ticket or basic and absolutely entered the correct user id.

SAP - any ideas what could be wrong?

Thx. Cheers, Carsten

10 |10000 characters needed characters left characters exceeded