on 03-03-2010 9:32 AM
HI experts:
I have a problem importing a certificate in a web dispatcher. The error is the next:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k
ey found
Iu00B4m trying importi a verysign certificate.
If i import a temporal certificate from sap page, it works correctly.
The verysign certificate is ok. It is .p7b. I open it and i have 2 certificates into the same file. One of them is with the name of the web dispatcher hostname, and the other: Very sign Class 3.... Both are valid, one of them to 2012 and the other to 2019.
The web dispatcher works between the sap netweaver portal in windows-oracle and the ECC 6.0 in windows-oracle.
The web dispatcher profile is the next:
SAPSYSTEMNAME = JEE
INSTANCE_NAME = WD05
SAPSYSTEM = 06
SAPGLOBALHOST = sapwep.madrid.informa
SAPLOCALHOSTFULL = sapwep.madrid.informa
DIR_INSTANCE=k:\usr\sap\wd\secudir
ssl/ssl_lib=k:\usr\sap\wd\secudir\sapcrypto.dll
ssl/server_pse = k:\usr\sap\wd\secudir\temporal.pse
#ms/https_port = 8101
wdisp/server_info_protocol = http
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
icm/HTTPS/verify_client = 0
icm/server_port_1 = PROT=HTTPS, PORT=60000
Example: SAPLOCALHOST=vwdisphost.sap.com
SAPLOCALHOST = sapwep.madrid.informa
#--- SAP Web Dispatcher-specific parameters
icm/server_port_0 = PROT=HTTP, PORT=8206,TIMEOUT=30,PROCTIMEOUT=600
rdisp/mshost = sapvsap.madrid.informa
ms/http_port = 8100
icm/HTTP/admin_0= PREFIX=/sap/wdisp/admin,DOCROOT=./admin
icm/max_conn = 16384
icm/max_sockets = 32768
wdisp/HTTP/max_pooled_con = 16000
wdisp/HTTPS/max_pooled_con = 16000
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 500
mpi/total_size_MB = 500
mpi/max_pipes = 20500
mpi/buffer_size = 32768
Iu00B4m trying to import it using:
K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
Can somebody help me?.
Thanks.
Ok. The ECC does not have SSL. The SSL connection is from the portal to the WD. The connection from de WD to de ECC is HTTP.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
the enviroment variable is k:\usr\sap\wd\secudir.
I donu00B4t know if it can be a problem with my pse. I generate it, after recibe the certificate. Becouse the project was begining by another partner. I donu00B4t know the pse, and req he uses for get the sign. I have a .csr file.
Iu00B4m lost. Thanks for your response.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If the certifcate host(usually specified with wdisp/ssl_certhost) for the web dispatcher is the same as the hostname assigned to your ECC systems then you could simply copy the PSE from your ECC system to the web dispatcher and use that PSE. This is normally the way to do it to save having to create separate certificates for every application server.
Without the original pse there's not much you can do otherwise, sorry.
Nelis
If i change the order of the parameter it gives the same error:
K:\usr\sap\wd\secudir>sapgenpse import_own_cert -p K:\usr\sap\wd\secudir\prueba.
pse -c K:\usr\sap\wd\secudir\certificado.p7b -r ca.cer
Please enter PIN:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k
ey found
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
That doesn't look quite right.
It should be something along the lines of:
sapgenpse import_own_cert -p K:\usr\sap\wd\secudir\prueba.pse -c K:\usr\sap\wd\secudir\certifi
cado.7b -r CA.cer
Note the -r for CA root certificate. Although it should not be required for a PKCS#7 certificate to specify a CA root when importing as it should already have it included in the certificate. You can try importing without specifying the CA root too.
Nelis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.