12-16-2011 11:42 AM
Hello, experts!
Can your HELP me?
I try to configure client SSO with certificates.
I configure next parameters and settings on PI 7.11.
Install SAPCRYPTOlLIB for my AIX version, placing the ticket, sapgenpse, and libsapcrypto.o in the correct locations.
Profile settings:
ssl/pse_provider=JAVA
sec/libsapsecu=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o
ssf/ssfapi_lib=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o
ssf/name=SAPSECULIB
ssl/ssl_lib=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o
icm/server_port_2=PORT=5$(SAPSYSTEM)01,PROT=HTTPS
In NWA->Configuration Management->Security->Certificates and Keys create Key Storage ICM_SSL_<j2eeinstanceID>. Then Generate CRS Request, load this code to the service.sap.com/TCS, generate SSL Test Certificate and load to CRS Respone.
Now i can access my system on https. But when i try to log on wiht certificate and mask check box "Create Client Certificate". I`ll redirect to https://tcs.mysap.com/invoke/tc/usercert with error text:
"Error: Incorrect certificate request (CertReq)
One of the following reasons can cause this error:
- You call this service without CertReq
- Your CertReq is not valid or the signature is incorrect
- Your RA is not registered yet
- You apply for certificate within incorrect naming space
Please contact your system administrator.
"
Whats happen? Why my users couldn`t take certificate?
Please help...
12-19-2011 7:43 AM
Hello Konstantin,
Please follow the steps in the link:
http://help.sap.com/saphelp_nw70/helpdata/en/3b/6d04c7974743159e0eaeea2b40a537/frameset.htm
You need to use a PSE using the DSA algorithm as your Registartion Authority.
I hope this helps you.
Regards,
Blanca
12-22-2011 6:18 AM
Thank you, i check all my setting in steps http://help.sap.com/saphelp_nw70/helpdata/en/3b/6d04c7974743159e0eaeea2b40a537/frameset.htm
all, my settings matching.
Can anybody help me????
12-23-2011 7:44 AM
Hello Constantin,
I assume that you have done all the SSO configuration fine according to document, then you muct check that both system time are sync to each other.
Thanks & Regards,
Amit Barnawal