- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Generating SSL Certificate Request with more than ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Generating SSL Certificate Request with more than 512 bits
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2009 7:07 AM
Hi,
In our production BW system we are having SSL server certificate from a vendor and it was working so far without any issues and it getting expired soon. When we created new certificate request and sent to new vendor (our company is going for a new vendor from this time) they could not able to generate a response since they are expecting the request from our side to be
1024 bits after which we came to know from the note (509495) we need to insert two new parameters as follows:
sec/rsakeylengthdefault and sec/dsakeylengthdefault with 1024 as value and also we need to recreate the PSE to make this parameter activate and recreate the certificate request. Since we cannot do this in the running Production, we did the same type of scenario as testing in our quality BW system and recreated the certificate request and the vendor created a response and sent to us along with the root certificate and intermediate root certificate. We could able to export the Root and Intermediate CA certificates to the database but when we try to import the certificate response it is giving error as follows:
"CA certificate response cannot be imported"
We tried several combinations but it is giving same error everytime. The Release of the BW system in quality as well as productionis NW04 6.40 Kernel patch 196.
So we did similar testing in different BW system which is of Release NW04s 700 Kernel Patch 185 and it worked well.
Question: 1)Is there any restriction on NW04 system in terms of getting a certificate of more than 512 bits...
2) Is there anything else to be done apart from those 2 parameters before recreating the PSE ?
Thanks,
Murali.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2009 3:50 PM
Yes, this is the expected behaviour.
The production system and the BW system do not share the same private key. This key is generated during the installation and is different for each installation.
What you can do is import the response in the BW system and then export the PSE to a file. Import the file into your production system. You'll have to make sure that the names in the X.509 certificate are correct, however.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2009 6:44 PM
Hi Sietze,
I am not sure what you are mentioning (The production system and the BW system do not share the same private key ?), i know every PSE is different. My question is the response generated for 1024 bits is working fine on ECC system, BW 7.0 (BI) system but the one generated from the host which is still BW 3.5 we could not load the response. Question is is there anything different in terms of BW 7.0 or BI 7.0 versus BW 3.5 apart from the profile parameters pointing to 1024.
Thanks,
Murali.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2009 1:45 AM
This is fixed, we need to put all 3 certificates (Server, Intermediate, Root) in one file or copy and paste all 3 in one attempt and it gets imported (SAP's help)
Thanks,
Murali.
- SAP Managed Tags:
- Security
