
SSL certificate for ABAP system: please guide

Former Member
0 Kudos

Hello All,

We have enabled SSL on ABAP system.

We have generated the CSR certificates.

We are purchasing the certificates from SAP (https://service.sap.com/tcs)

Issue:

1. In the SAP TCS site, it asks for a URL.

We placed the order having the ITS FQDN URL.

Example: Let's assume it's -> https://dev.sap.com with

dev = server name & sap.com = domain

We got an email from SAP saying that it should be https://sap.com (includes just the domain and not the server name)

2. We went with SAP's suggestion and ordered certificates.

3. We have uploaded them successfully in the ECC system, but whenever we access this from the portal (for ESS/MSS), we get a security prompt saying that dev.sap.com is not trusted and not a valid certificate.

Please guide us on how we should resolve the issue.

Awaiting Reply.

Thanks,

Ritu

Accepted Solutions (0)

Answers (1)

randall_king2
Explorer
0 Kudos

Did you order these certificates from SAP, or from one of the trusted root CAs? In order for the web browser to not pop a message about a trusted certificate authority, it must be in the root CA list for the browser. SAP is not a trusted root CA for web browsers.

Here is a list of the companies in Firefox, for example:

http://www.mozilla.org/projects/security/certs/included/

Here is a list for IE:

http://support.microsoft.com/kb/931125

There is a way in Windows/IE to install new CAs, but I am not a Windows server guru. Here is a Wiki entry from CAcert on adding new root CAs, but I know nothing about this process:

http://wiki.cacert.org/wiki/BrowserClients

Here is my basic rule of thumb for SSL certificates. If the certificate is going between user and server, it needs to be from a valid root CA, or you will get a popup. In non-prod environments, this is probably OK. In prod environments, you want a 'real' cert. If the communication is going server to server (i.e. RFC connections via SNC), you can build a self-signed certificate or use the SAP one.

-rk
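
The two independent checks this thread touches on (the name inside the certificate versus the host in the URL, and the issuer versus the browser's root CA list), as an added example that is not part of the original posts. It is a simplified model: the function names, certificate dictionaries and issuer names are constructed for illustration, and only the host names `dev.sap.com` and `sap.com` come from the question.

```python
# Added example: simplified model of two checks a browser applies to a
# server certificate. All certificate data here is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the URL host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "sap.com" does not cover "dev.sap.com"
    if p[0] == "*":
        # A wildcard is honoured only as the entire left-most label and
        # only with at least two labels after it (so "*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def browser_warnings(host, cert, trusted_roots):
    """Return the reasons for a certificate prompt; empty list means none."""
    reasons = []
    if not any(name_matches(n, host) for n in cert["dns_names"]):
        reasons.append("name-mismatch")
    if cert["root_issuer"] not in trusted_roots:
        reasons.append("untrusted-issuer")
    return reasons


# Constructed stand-in for the browser's built-in root CA list.
TRUSTED_ROOTS = {"Constructed Public Root CA"}

# Constructed certificates: issued to the bare domain by a CA outside the
# root list, and issued to the full host name by a CA inside it.
CERT_DOMAIN_ONLY = {"dns_names": ["sap.com"],
                    "root_issuer": "Constructed Private CA"}
CERT_FQDN_PUBLIC = {"dns_names": ["dev.sap.com"],
                    "root_issuer": "Constructed Public Root CA"}
CERT_WILDCARD = {"dns_names": ["*.sap.com"],
                 "root_issuer": "Constructed Public Root CA"}

if __name__ == "__main__":
    for label, cert in [("domain-only", CERT_DOMAIN_ONLY),
                        ("fqdn", CERT_FQDN_PUBLIC),
                        ("wildcard", CERT_WILDCARD)]:
        print(label, browser_warnings("dev.sap.com", cert, TRUSTED_ROOTS))
```

Either failed check is enough to produce a prompt, so each has to be verified separately when diagnosing a certificate warning.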