Skip to Content
0
Former Member
May 07, 2013 at 10:40 AM

X.509 Certificate and SAP Server certificate

290 Views

Hi Team,

We have configured SAP Netweaver SSO 1.0(using X.509 certificate) on our SAP system. We have used only secure login library and secure login client( Without secure login server) . We are about to complete the configuration but stuck with up X.509 certificate. SNC is activated on SAP system.

As of now, we have completed below steps:

Install Secure login library:

1. Installed SLL on SAP application server

2.Environment variable SECUDIR is set properly

3.Test Secure login library is working fine. Output of snc is shown below.

Product version : Secure Login Library 1.0 SP 4 Patch 3

: CryptoLib 8.3.7.11

: aix-6.1-ppc-64

GSS library : available

GSS library name : libsecgss.so

PSE directory : (existing) /usr/sap/GO0/DVEBMGS00/sec

PSE file : (existing) /usr/sap/GO0/DVEBMGS00/sec/pse.zip

STRUST cred file : (existing) /usr/sap/GO0/DVEBMGS00/sec/cred_v2

SNC config file : (existing) /usr/sap/GO0/DVEBMGS00/SLL/gss.xml

PSE accessible : yes

PSE logged in : yes

PSE credentials : MasterPassword SystemDefault

Kerberos keyTab : Not existing

------------------------------------------------------------------------------

SNC keys registered : 1 entries

1: STRUST certificate CN=GO0, OU=SAP Security, O=SAP Trust Community

Trusted certificates:

from STRUST :

1: CN=GO0, OU=SAP Security, O=SAP Trust Community

4. SAP Parameter configuration

5.Import X.509 Certificate

We have SAP server certificate response signed by CA. So we have exported SAP server certificate in PSE format and imported on system PSE. Is this correct way of importing X.509 certificate into SAP system?

Install secure login client:

1.Installed SLC

2.Configured X.509 Certificate SNC Name in SAP GUI

3.User mapping in SU01 - X.509 Certificate

I assume that X.509 certificate to be available to all user station and it should be visible in secure login client. Do I need to provide SAP server certificate( .cer) to CA team to publish to all users station. ie Microsoft Certificate Store

Is both SAP server certificate signed by CA and X.509 certificate same?

While importing X.509 certificate into SAP system, I have followed below steps. Is it correct?


We have SAP server certificate response signed by CA. So we have exported SAP server certificate in PSE format and imported on system PSE.

Please advice.

Thanks !