on 03-03-2009 3:48 PM
We are having issues importing a intermediate certificate from Thawte. We were able to import the Web Server certificate with no problems but when we try the intermediate one it says "no public key can be found."
Has anyone ran into this issue before?
We just solved this by running sapgenpse import_own_cert -p <pse file> -c <certificate file> -r <intermediate file>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi.
Let me give a bit clearer explanation.
Assuming you have previously setup SSL and HTTPS a Certificate Import is not to hard.
From whoever manages your Certificates they will give you three items.
1. Root Certificate Root-R1.cer
2. Intermediate Certificate gsorgsha2256.cer
3. Self Signed Certificate southern.com.pfx
I upload these to my AIX server in a staged area /SAP/stage/gscerts
Next copy these files to your your SECUDIR as noted below. Run sapgenpse from that area also.
Set your environment (in my case AIX)
setenv SECURDIR /usr/sap/SID/DVMB##/sec (Use the actual values)
setenv SECURDIR /usr/sap/FSB/DVEMB01/sec
You concatenate these 3 files in one string with the following command.
sapgenpse import_p12 -r Root1.cer -r gsorsha2256.cer -p SAPSSLS.pse southern.com.pfx
It will normally ask you for a Pin that was given to you when they sent you the certificates.
This will produce a file called SAPSSL.pse in your /usr/sap/DVMB##/sec directory.
Then you must run a 2nd step to generate a secure logon file.
sapgenpse seclogin -p SAPSSLS.pse -O <SID> adm
Copy the SAPSSLS.pse to your local computer.
Run strustssO2 and import the PSE Key. Point it to your local computer and the SAPSSLS.pse file.
Double Click on the file, it will auto populate the next table.
Then click on 'Add to Certificate List .
Then click on add to ACL. Enter the SID and Instance #.
Save.
You must restart the ICM to get the new key read.
View the ICM trace file to ensure it finds the certificate.
I hope that helps. If you have questions, feel free to ask.
Hi,
Where do you want to import this certificate ?
ABAP stack STRUST or Java Stack Visual Admin ?
Which SAP product and release ?
PS : You have to give the context of your question : we cannot guess it !
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Well, I don't know if this info will be useful to it but When I need to configure a signed SSL certificate for a SAP web dispatcher, I use transaction STRUST with option file.
When the signed certificate includes both a root CA and an intermediate CA, I have to extract bith these certificates in base 64 X.509 format and then using a text editor, concatenate the 3 certificates (signed certificate, intermediate CA and root ca) in a single base 64 file. Then I can import susccesfully this file in STRUST in the PSE file that I use for the Web dispatcher.
Tricky, but it works for me !
Regards,
Olivier
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.