on 10-08-2008 7:42 AM
Hello All,
We have enabled SSL on ABAP system.
Have generated the csr certificates.
We are purchasing the certificates from SAP (https://service.sap.com/tcs)
Issue:
1. In the SAP TCS site, it asks for a URL.
We placed the order having the ITS FQDN URL.
Example: Lets assume its -> https://dev.sap.com with
dev = server name & sap.com = domain
We got an email from SAP saying that it should be https://sap.com (includes just the domain and not the server name)
2. We went with SAP's suggestion & ordered for certificates.
3. We have uploaded them successfully in the ECC system but whenever we access this from portal (for ESS/MSS), we get a security prompt saying that dev.sap.com is not trusted and not a valid certificate
Please guide ...how should we resolve the issue.
Awaiting Reply.
Thanks,
Ritu
Did you order these certificates from SAP, or from one of the trusted root CA's? In order for the web browser to not pop a message about a trusted certificate authority, it must be in the root CA list for the browser. SAP is not a trusted root CA for web browsers.
Here is a list of the companies in Firefox, for example:
http://www.mozilla.org/projects/security/certs/included/
Here is a list for IE:
http://support.microsoft.com/kb/931125
There is a way in Windows/IE to install new CA's, but I am not a Windows server guru. Here is a Wiki entry from CAcert on adding new root CAs, but I know nothing about this process:
http://wiki.cacert.org/wiki/BrowserClients
Here is my basic rule of thumb for SSL certificates. If the certificate is going between user and server, it needs to be from a valid root CA, or you will get a popup. In non-prod environments, this is probably OK. In prod enviroments, you want a 'real' cert. If the communication is going server to server (ie RFC connections via SNC), you can build a self signed certificate or use the SAP one.
-rk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.