on 04-08-2009 4:16 PM
Hello Colleagues,
we need to know how we can import an IIS CA generated Key Pair (public
key, private key) into SAP Trust Manager (STRUSTSSO2)!
I know from our windows guys there is a possibilty to transfer CA sign
generated Key Pair from one IIS web server to and different one.
1. It is possible to import these Key Pair into the SAP WAS under Trust
Manager or different place different way?
2. Addional what we need to have is a GlobalSign Root Certificate
installed on our PI system. If this assumption correct? If yes, how is
here the correct process? Only some different Root certificates are
available at database under Trust Manager.
Many thanks in advance!
Regards,
Jochen Schertel
Procedure
From the Trust Manager screen:
Expand the SSL server PSE node.
For each application server that is to receive a signed certificate:
Select the application server with a double-click.
The application server's SSL server PSE is displayed in the PSE maintenance section.
In the PSE maintenance section, choose Import Cert. Response.
The dialog for the certificate request response appears.
Insert the contents of the certificate request response into the dialog's text box (using Paste) or select the response from the file system by using Load local file.
The signed public-key certificate is imported into the server's SSL server PSE, which is displayed in the PSE maintenance section. You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
Save the data.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kubra,
the solution is folloing:
since patch level 16, the command line tool 'sapgenpse' is able to
import key pairs in PKCS#12 format into PSEs (note 745063).
Please execute the command
sapgenpse import_p12 -h
to display the builtin help for the actual command syntax. The related
root certificate must be specified in this step.
For importing your prepared PSE into the system's database, you will
need to proceed as described in note 1178155.
That means (summary):
- copy the PSE where the PKCS#12 key pair had been imported onto
your workstation (PC)
- TA STRUSTcreate the SSL Server PSE, using the desired subject name
for the application server specific PSE (same as in the PKCS#12 cert.)- doubleclick the "File" icon in the PSE list (left hand side) and
select the PSE from your workstation (PC). that means import from menu.
- run the menu command "PSE --> Save as ..." and select the PSE type
SSL Server PSE
- finish the step and save the new SSL Server PSE.
- restart ICM, if it is not restarted automatically
Regards,
Jochen
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.