cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HowTo import Key Pair into Trust Manager

Former Member

on ‎04-08-2009 4:16 PM

0 Kudos

Hello Colleagues,

we need to know how we can import an IIS CA generated Key Pair (public

key, private key) into SAP Trust Manager (STRUSTSSO2)!

I know from our windows guys there is a possibilty to transfer CA sign

generated Key Pair from one IIS web server to and different one.

1. It is possible to import these Key Pair into the SAP WAS under Trust

Manager or different place different way?

2. Addional what we need to have is a GlobalSign Root Certificate

installed on our PI system. If this assumption correct? If yes, how is

here the correct process? Only some different Root certificates are

available at database under Trust Manager.

Many thanks in advance!

Regards,

Jochen Schertel

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎04-13-2009 6:35 AM
0 Kudos

Procedure

From the Trust Manager screen:

Expand the SSL server PSE node.

For each application server that is to receive a signed certificate:

Select the application server with a double-click.

The application server's SSL server PSE is displayed in the PSE maintenance section.

In the PSE maintenance section, choose Import Cert. Response.

The dialog for the certificate request response appears.

Insert the contents of the certificate request response into the dialog's text box (using Paste) or select the response from the file system by using Load local file.

The signed public-key certificate is imported into the server's SSL server PSE, which is displayed in the PSE maintenance section. You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.

Save the data.

Show replies
Show replies
Former Member
‎04-23-2009 3:27 PM
0 Kudos

Hi Kubra,

the solution is folloing:

since patch level 16, the command line tool 'sapgenpse' is able to

import key pairs in PKCS#12 format into PSEs (note 745063).

Please execute the command

sapgenpse import_p12 -h

to display the builtin help for the actual command syntax. The related

root certificate must be specified in this step.

For importing your prepared PSE into the system's database, you will

need to proceed as described in note 1178155.

That means (summary):

- copy the PSE where the PKCS#12 key pair had been imported onto

your workstation (PC)

- TA STRUSTcreate the SSL Server PSE, using the desired subject name

for the application server specific PSE (same as in the PKCS#12 cert.)- doubleclick the "File" icon in the PSE list (left hand side) and

select the PSE from your workstation (PC). that means import from menu.

- run the menu command "PSE --> Save as ..." and select the PSE type

SSL Server PSE

- finish the step and save the new SSL Server PSE.

- restart ICM, if it is not restarted automatically

Regards,

Jochen

Ask a Question