cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

validation problem in SAPLOGONTICKETKEYPAIR(SSO)

Go to solution
Former Member

on ‎08-20-2008 2:03 AM

0 Kudos

Hi Experts,

I have an SAP NW2004s on one Machine and R/3 on other machine and i want to enable SSO and from the Portal i i navigated to system administration>system config>Keystore admin-->SAPLOGONTICKETKEYPAIR

and when i click on down .der file and extract the .der to install certificate i can see "Valid From: Thu Jul 29 14:16:47 EDT 2009 and Valid to: Mon Jul 29 14:16:47 EDT 2030.How can i change the validation from current system time it is taking 2009 i am wondering why it is taking this?

Is there any way to change the validation period please suggest me.

Steps i followed till now

1)created the logon/create,and accept tickets in profile parameters

2) created a system entry in portal (http:hostname:50000/irj)-->System admin->System Config>System landscape>created new system in folder and alias and save.

3)When i click on save to desktop and check the certification validay i can see the error above

Please suggest me how to do it.

Regards,

Uday.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

mario_marschall
Participant
‎08-20-2008 9:18 AM
0 Kudos

Try creating a new Ticket-Keypair in Visual Admin. Open the "Key Storage"-Service, select "TicketKeystore", then press the "Create"-Button in the middle of the screen. First you should Delete the Keypair that's already there. In the new one you can enter "Valid From" and "Valid To" just the way you like it to be. If your old ticket is valid from 2009 maybe you should also check your present system time...

Show replies
Show replies
Former Member
‎08-20-2008 3:07 PM
0 Kudos

Hi Mario,

Thanks for the ur help and i really appriciate ur suggestion and i have one more doubt in creating a new Ticket. By default i can see

1)"SAPLogonTicketKeypair" with values of

PRIVATE KEY

[ creationDate ]: Thu Jul 29 14:16:48 EDT 2009

[ algorithm ]: DSA

[ format ]: PKCS#8

[ selfSigned ]:

[ DN ]: OU=J2EE,CN=DEV

[ issuerDN ]: OU=J2EE,CN=DEV

[ validNotBefore ]: Thu Jul 29 14:16:47 EDT 2009

[ validNotAfter ]: Mon Jul 29 14:16:47 EDT 2030

[ signAlgorithm ]: dsaWithSHA (1.2.840.10040.4.3)

[ fingerprint ]: 50:DE:82:77:68:96:28:F3:EC:5B:C4:A0:23:A2:07:CE

[ subjectKeyIdentifier ]: <none>

[ publicKey ]:

[ algorithm ]: DSA

[ format ]: X.509

2) "SAPLogonTicketKeypair-cert" with values of

CERTIFICATE

[ creationDate ]: Thu Jul 29 14:16:48 EDT 2009

[ DN ]: OU=J2EE,CN=DEV

[ issuerDN ]: OU=J2EE,CN=DEV

[ validNotBefore ]: Thu Jul 29 14:16:47 EDT 2009

[ validNotAfter ]: Mon Jul 29 14:16:47 EDT 2030

[ signAlgorithm ]: dsaWithSHA (1.2.840.10040.4.3)

[ fingerprint ]: 50:DE:82:77:68:96:28:F3:EC:5B:C4:A0:23:A2:07:CE

[ subjectKeyIdentifier ]: <none>

[ publicKey ]:

[ algorithm ]: DSA

[ format ]: X.509

can you explian me what is Certificate and Private Key (why i can see 2 of them) and while creating a new certificate do i need to do create both ? with same names "SAPLogonTicketKeypair,SAPLogonTicketKeypair-cert" again after deleting the existing one's

Regards,

Surya.

Answers (1)

Answers (1)

mario_marschall
Participant
‎08-20-2008 3:22 PM
0 Kudos

I'm not absolutely sure what the purpose of those two entries is. But I know for sure that you need the certificate to export it and import it into other systems, so you definitely should have both!

You don't need to create them seperately, though. Just delete both entries and create a new "SAPLogonTicketKeypair" with the same values you had before (exept "Valid from", of course!). Make sure you tick the box "Store Certificate" - this will create the "SAPLogonTicketKeypair-cert". Afterwards you can export it right from the Visual Administrator (just press the "Export"-button down below) or from your portal, like you did before.

Good Luck!

Show replies
Show replies
Former Member
‎08-20-2008 3:28 PM
0 Kudos

Thanks alot and i use the "store certificate" then i am done. Thanks for ur help

mario_marschall
Participant
‎08-20-2008 3:30 PM
0 Kudos

Glad I could help!

Ask a Question