Thanks Patrick,

Following are the instructions from Verisgn for installing SSL certificate, even Verisign support is unable to comment how to do Step 1 on SAP NW Java 700 for the first time.

Concerns:

1. Verisign doesn't know how can we execute Step1 on SAP NW Java through Visual Admin.

2. Verisign installation instructions doesn't say to install Verisign Root CA Certificate but SAP note 694290 speak about this.

3. SAP note 694290 is for installing Verisign CA Certificate once it is expired, but in our case we need to install it for the first time, so do we need to follow step 5 to 9 in case you are installing for the first time?

Would really appreciate if you can guide me further.

*******************

1. INTERMEDIATE CERTIFICATE ADVISORY:

You MUST install the VeriSign Secure Site certificates on your server together with your Certificate or it will not operate correctly.

If Microsoft IIS 5.0 or above was selected, you DO NOT need to install the intermediate certificates.

2. INSTALL CERTIFICATE:

For installation instructions for your SSL Certificate, go to:

https://www.verisign.com/support/ssl-certificates-support/install-ssl-certificate.html

3. CHECK INSTALLATION:

Ensure you have installed your certificate correctly at:

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=certchecker

4. INSTALL THE VERISIGN SITE SEAL:

Additionally, as part of your Secure Site Service, you are entitled to display the VeriSign Secured Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site.

Installation instructions for the VeriSign Secured® Seal can be found on the following link:

https://www.verisign.co.uk/ssl/secured-seal/index.html

***********************************

Thanks

Davinder

Hello Patrick,

Thanks for the information:

you created a keypair for SSL in the Key Store service interface in the Visual Administrator, generated a CSR response and sent it to Verisign. Now you have the CSR response from Verisign - is my understanding of the situation correct?

Absolutely right

You can import this into the Key Store service, by highlighting the private key of the keypair and choosing 'Import CSR Response'. Now your key pair is signed.

Successfully done.

After this i can see that PRIVATE KEY (IssueDN has been changed to Verisign)

But CERTIFICATE ISSUER DN is not changed.

Now if i try to access the site with https, able to do properly and if click on the Lock icon on the browser, i can see certificate is 3 Chained

Verisign Trial Secure Server Root CA - G2

----> Verisign Trial Secure Server CA - G2

----> -

So it looks to be working fine.

However there is no chain formed. You need to now follow the aforementioned note and export the private key and public key certificate separately by higlighting the private key and choosing 'Export'. Export with the 'Files of type' drop down box set to (*p8), and after exporting the private key you will be able to export the public key cert. This is step 6 and 7 of the note. Now follow steps 8-12 to form the chain

No Chains has been made in Visual Admin, and i tried these on another server - it works as you are saying.

But is there any benefit of importing Intermediate, Root Certificates - as mentioned in SAP note steps 8 to 12.

If yes, then is it mandatory to make the chain till 3rd level (means Root Certificate also).

Once the chain is loaded into the Key Store, you need to ensure that the Java dispatcher is configured to send the signed server certificate for the relevant SSL ports - see here http://help.sap.com/saphelp_nw04/helpdata/en/5c/15f73dd0408e5be10000000a114084/content.htm

Edited by: Julius Bussche on Aug 10, 2009 3:44 PM

code --> quote

Hi D P Singh ,

We are planning to install Verisign SSL certificate on NW 7 Java (Portal) System. Could you please share your experience and steps how can do that.

Thanks

Aravind

Hi DP singh

i want to apply SSL certificate for EP 7.0 MSCS.

can you tell me the steps to configure

which CA is to buy?

thanks alot

Aravinda, Rao

We are using Verisign SSL certificate.

1. Generate the Certificate - please make sure that all necessary fields are entered ortherwise the CSR request will not be accepted by Verisign. In my case example is:

CN = test.com

OU=UK

O=TEST

L=London

ST=London

C=GB

2. Get the CSR request and get it signed from Verisign.

3. Import CSR Response.

4.Follow SAP note 694290 under section - Apply to SAP J2EE Server 6.30

As per understanding for MSCS environment, there should not be extra step.

Davinder

Hi Davinder,

Thanks for your response. It could be nice if you write a blog on this topic. It would be really helpful for SDN community.

Thanks

Aravind