Skip to Content

How to implement certificate lifecycle management for AS ABAP by using Secure Login Server?

Background:

Automatically renew long-lived X.509 certificates, which are stored in the trust manager of SAP NetWeaver Application Server for ABAP

A background job in the AS ABAP monitors the certificates, detects the expired ones, and requests their renewal.Certificate life-cycle management is a function that enables to directly renew certificates (in PSEs).

Question:

I'm trying to implement a certificate lifecycle management using Secure login Server, I have already found some information about this topic in Handbook (Secure Login For SAP SSO 3.0) section (4.15) .
This is what I have so far done, but an Error Happens, Please see the Implementation steps and can anybody help me?

At fist in Transaction (Strust) I created SSL Anonymous PSE and there I imported TLS Certificate.Then I created SSL client Standard. See link please Certificate Lifecycle Management, Part 2/2

And now in Secure Login Administration Console:
First: I have configured the application Server Authentication Type "Registration Agent" step by step as in Guide.
1.

2.

3.

4.

Second: I have configured the application Server Authentication Type "Application" step by step as in Guide. the same steps like in Registration Agent, different in two things see photos

1.

2.

and now I set up the application Server Profile Group for Multiple Application Servers for ABAP/SAP Systems (ABAP) as in Guide.

After all last steps, I saved all and in SAP GUI via Transaction SE38 i wanted to run the Report SSF_CERT_ENROLL.
I created Variant for this Program and clicked on Execute.

I entered the the metadata URL from the Secure Login Server in the SLS Metadata URL field,and my username and password

At this stage, I crashed with this Error and I cannot go Ahead.

Therefore, I would like to ask for advice if any area I should be further try to resolve this issue.

Thank you for your help and support.

Regards
Abdullah

1.png (46.7 kB)
2.png (58.4 kB)
3.png (64.5 kB)
4.png (62.5 kB)
application-5.png (59.6 kB)
application-3.png (57.3 kB)
6.png (49.7 kB)
7.png (21.2 kB)
9.png (13.2 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    May 02 at 03:24 PM

    Hi Abdullah,

    i tried to perform the steps outlined in the manual and have similar issues to enroll the Registration Agent certificate.

    Here is the error message I have when executing the Report SSF_CERT_ENROLL.

    I have changed the the authentication configuration for the RA profile to ticket or basic and absolutely entered the correct user id.

    SAP - any ideas what could be wrong?

    Thx. Cheers, Carsten

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 09 at 05:03 PM

    Hi Abdullah/Carsten

    I am getting same error and trying to update the authentication configuration for RA on the Java side.

    What should be the setting ? Your help will be much appreciated.

    Thanks & Regards,

    Prem

    Add comment
    10|10000 characters needed characters exceeded