09-15-2009 6:53 AM
Hey Folks,
the following happened to me (all WEB AS Java):
I created a new entry in the Key Storage service in the service_ssl view. Unfortunately I forgot to activate the "Store Certificate" checkbox. Now I do not have a public key certificate to distribute to other servers. The private key has been signed by the CA in the meanwhile and I do not want to go through the whole process again...
Does anybody know a way how to generate this public key lateron?
Regards,
Bastian
09-15-2009 9:06 PM
Hi Bastian,
Click on your Private Key Certificate in Key store. Click on Create
Enter the details as given in the private key certificate.
Make sure you give the same name as the name given while creating the Private Key in the field "Entry Name"
Now do not forget to select Store Certificate.
This will create a public key for the Private Key already existing.
Hope this helps. Revert if any doubts.
Best Regards
Raghu.
09-15-2009 9:06 PM
Hi Bastian,
Click on your Private Key Certificate in Key store. Click on Create
Enter the details as given in the private key certificate.
Make sure you give the same name as the name given while creating the Private Key in the field "Entry Name"
Now do not forget to select Store Certificate.
This will create a public key for the Private Key already existing.
Hope this helps. Revert if any doubts.
Best Regards
Raghu.
09-18-2009 6:42 AM
Hi Raghu,
unfortunately this overwrites the entry that has already been signed by the CA and creates a new private key.
Perhaps I did something wrong?
Kind regards,
Bastian
09-18-2009 8:33 AM
I think there is an easier solution: select the private key in Key Storage service, click "Export" button and select pkcs8. Then write a name for the private key and press "OK". Then you'll be asked to write down the name of the first certificate in the chain, then after you press OK you'll be asked for the name of the next one in the chain and so on until you reach the root certificate. This way you can get the certificate you need.
Hope this can help
regards
Simon
Edited by: Simon Xu on Sep 18, 2009 9:35 AM
09-18-2009 9:57 AM
Hi Simon,
the root certificate is the certificate of the CA.
What I need is the certificate (public key) generated from my private key.
Can this be done after the private key has been created?
Regards,
Bastian
09-18-2009 10:44 AM
Hi Bastian,
Have you already imported the CA response ??
Recreate the private/public key pair with the same details as given previously. The fingerprint should remain the same. Try to import the response after this. If you are not able to import the response, then you can ask the CA to change the csr and provide a new response.
I dont think we can generate a public with an existing private key (in SAP atleast as of my knowledge) as these gets created simulteneously. I am looking for an option. I will update if i find any route to do it.
Best Regards
Raghu.