on 08-17-2005 8:32 AM
Dear all,
I have a certificate problem with my WAS system.
<u>"Validity of certificate from list with PSE type >SSL Client (Standard)< ends in 1 day, for more information, see the SAP System Log (transaction SM21)"
</u>
==> I have a BSP website https://services.aquasambre.be/service which is using a certificate valid until June 14th 2006.
==> I go through transaction SM21, but there is no further information.
==> I go through transaction <b>STRUST</b>,
<b>> PSE System </b>
--> Red cross for "SNC (SAOCryptolib)
<b>> SSL Server</b>
--> Green (ok) but fields "begin/end of validity" are empty
<b>> SSL Client anonymous</b>
--> Green (ok) but fields "begin/end of validity" are empty
<b>> SSL Client standard</b>
--> Green (ok) but fields "begin/end of validity" are empty
==> I go through the amazing SAP documentation... "I'm a bit lost"
... Maybe have you already encountered this kind of problem... do you have an advice for me ?
Nico
PS : My problem occurs after installation of support packages.
PPS : Why are they all on holiday ??? ;o)
Hi,
That's strange and never had this problem.
Maybe you can check notes 588297 and 585762
Eddy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank's Eddy
Note 588297 : :o( ... the validity date of my certificate is valid until June 2006 ... maybe there are several certificates for my https service ; but I don't think it's the case.
Note 585762 : :o( ... we install the newest support packages last Friday, so this note is not the good one.
... I'm going through the numerous notes...
Nicolas
I have found where the cerficate fails :
using program SSF_ALERT_CERTEXPIRE -->
Client SSL (standard) SSLC DFAULT
Certificat personnel
CN=Client, OU=I0020211069, OU=SAP Web AS, O=SAP Trust Community, C=BE 01.01.2038
Liste des certificats (Lste Certif.)
1 = CN=extn12.nrb.be, OU=I0020211069, OU=SAP Web AS, O=SAP Trust Community, C=D 01.01.2038
<u> 2 = EMAIL=m-accweb@nrb.be, CN=vdeler, OU=nrb logiciels, O=nrb logiciels, L=hers <b>18.08.2005</b></u>
<i>I can have the same information using STRUST. </i>
So if I go through OSS note 499386, the solution seems to be "generate a new PSE (with the same name) and resend a certificate request to SAP"
--> Could someone tell me how I can send a request to SAP to renew the concerned certificate ?
Nicolas,
You need to let it sign by trusted CA of your choise. Have a look at
http://help.sap.com/saphelp_nw04/helpdata/en/e1/ad9080ded511d3a64d0000e835363f/content.htm
for the SAP CA. Alternatively you can self-sign it if the machine remains internal.
Have also a look at
http://help.sap.com/saphelp_nw04/helpdata/en/56/a92f3ae689f058e10000000a11402f/content.htm
Eddy
User | Count |
---|---|
83 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.