Skip to Content
avatar image
Former Member

Importing intermediate Certificate

We are having issues importing a intermediate certificate from Thawte. We were able to import the Web Server certificate with no problems but when we try the intermediate one it says "no public key can be found."

Has anyone ran into this issue before?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Mar 03, 2009 at 06:24 PM

    Hi,

    Where do you want to import this certificate ?

    ABAP stack STRUST or Java Stack Visual Admin ?

    Which SAP product and release ?

    PS : You have to give the context of your question : we cannot guess it !

    Regards,

    Olivier

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Oh we have the raw certificate code already.

      So are you saying take what's between the "Begin / End Certificate" and combine that code into 1 single file and then import?

  • avatar image
    Former Member
    Apr 16, 2009 at 01:03 PM

    We just solved this by running sapgenpse import_own_cert -p <pse file> -c <certificate file> -r <intermediate file>

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi.

      Let me give a bit clearer explanation.

      Assuming you have previously setup SSL and HTTPS a Certificate Import is not to hard.

      From whoever manages your Certificates they will give you three items.

      1. Root Certificate     Root-R1.cer

      2. Intermediate Certificate    gsorgsha2256.cer

      3. Self Signed Certificate    southern.com.pfx

      I upload these to my AIX server in a staged area   /SAP/stage/gscerts

      Next copy these files to your  your SECUDIR as noted below.  Run sapgenpse from that area also.

      Set your environment (in my case AIX)

      setenv SECURDIR /usr/sap/SID/DVMB##/sec   (Use the actual values)

          setenv SECURDIR /usr/sap/FSB/DVEMB01/sec

      You concatenate these 3 files in one string with the following command.

      sapgenpse import_p12 -r Root1.cer -r gsorsha2256.cer -p SAPSSLS.pse southern.com.pfx

      It will normally ask you for a Pin  that was given to you when they sent you the certificates.

      This will produce a file called SAPSSL.pse   in your /usr/sap/DVMB##/sec directory.

      Then you must run a 2nd step to generate a secure logon file.

      sapgenpse  seclogin -p SAPSSLS.pse -O <SID> adm 

      Copy the SAPSSLS.pse to your local computer.

      Run strustssO2 and import the PSE Key.  Point it to your local computer and the SAPSSLS.pse file.

      Double Click on the file, it will auto populate the next table.

      Then click on 'Add to Certificate List .

      Then click on add to ACL.  Enter the SID and Instance #.

      Save. 

      You must restart the ICM to get the new key read.

      View the ICM trace file to ensure it finds the certificate.

      I hope that helps. If you have questions, feel free to ask.