cancel
Showing results for 
Search instead for 
Did you mean: 

Error : Validity of certificate (...) PSE SSL ends in 1 day

Former Member
0 Kudos

Dear all,

I have a certificate problem with my WAS system.

<u>"Validity of certificate from list with PSE type >SSL Client (Standard)< ends in 1 day, for more information, see the SAP System Log (transaction SM21)"

</u>

==> I have a BSP website https://services.aquasambre.be/service which is using a certificate valid until June 14th 2006.

==> I go through transaction SM21, but there is no further information.

==> I go through transaction <b>STRUST</b>,

<b>> PSE System </b>

--> Red cross for "SNC (SAOCryptolib)

<b>> SSL Server</b>

--> Green (ok) but fields "begin/end of validity" are empty

<b>> SSL Client anonymous</b>

--> Green (ok) but fields "begin/end of validity" are empty

<b>> SSL Client standard</b>

--> Green (ok) but fields "begin/end of validity" are empty

==> I go through the amazing SAP documentation... "I'm a bit lost"

... Maybe have you already encountered this kind of problem... do you have an advice for me ?

Nico

PS : My problem occurs after installation of support packages.

PPS : Why are they all on holiday ??? ;o)

Accepted Solutions (1)

Accepted Solutions (1)

eddy_declercq
Active Contributor
0 Kudos

Hi,

That's strange and never had this problem.

Maybe you can check notes 588297 and 585762

Eddy

Former Member
0 Kudos

Thank's Eddy

Note 588297 : :o( ... the validity date of my certificate is valid until June 2006 ... maybe there are several certificates for my https service ; but I don't think it's the case.

Note 585762 : :o( ... we install the newest support packages last Friday, so this note is not the good one.

... I'm going through the numerous notes...

Nicolas

Former Member
0 Kudos

I have found where the cerficate fails :

using program SSF_ALERT_CERTEXPIRE -->

Client SSL (standard) SSLC DFAULT

Certificat personnel

CN=Client, OU=I0020211069, OU=SAP Web AS, O=SAP Trust Community, C=BE 01.01.2038

Liste des certificats (Lste Certif.)

1 = CN=extn12.nrb.be, OU=I0020211069, OU=SAP Web AS, O=SAP Trust Community, C=D 01.01.2038

<u> 2 = EMAIL=m-accweb@nrb.be, CN=vdeler, OU=nrb logiciels, O=nrb logiciels, L=hers <b>18.08.2005</b></u>

<i>I can have the same information using STRUST. </i>

So if I go through OSS note 499386, the solution seems to be "generate a new PSE (with the same name) and resend a certificate request to SAP"

--> Could someone tell me how I can send a request to SAP to renew the concerned certificate ?

eddy_declercq
Active Contributor
0 Kudos

Nicolas,

You need to let it sign by trusted CA of your choise. Have a look at

http://help.sap.com/saphelp_nw04/helpdata/en/e1/ad9080ded511d3a64d0000e835363f/content.htm

for the SAP CA. Alternatively you can self-sign it if the machine remains internal.

Have also a look at

http://help.sap.com/saphelp_nw04/helpdata/en/56/a92f3ae689f058e10000000a11402f/content.htm

Eddy

Answers (0)