on 01-20-2010 5:12 PM
Hi friends,
I need your help!!!
Recently we are implementing the change from HTTP to HTTPs protocol via SSL PSE encryption (via STRUST).
We are following the SAP note: Note 510007 - Setting up SSL on Web Application Server ABAP. Whe we create by first time the PSE for "SSL server Standard" node we write the following data.
Name: *.company.com (with my company name)
Org.(opt): Ixe Grupo Financiero
Comp./Org: Ixe
Country: MX
CA: (erroneously we deactivate this option)
We generated the cretificate request and import the certificate.
So now we probed the https service by an web page service: it showed an certificate error because it doesn´t recognize the authority of cretiticate. the functionality is Ok by ignoring this error.
We deleted the PSE for server and client.
To fix this error, we have tried to replace this PSE with a new, filling the entry CAwith a DN, and we follow all the process to implement the SSL PSE certificate.
The problem is that we still having the same certificate when the certificate error appears in WEB. We have restarted the ICM.
Whe don´t know what is happening, ower system is an CRM 7.0 with Kernel 7.01
Please help me !!
Thanks in advance
Enrique.
For furure reference: Please remember to "save as" on your certificate after you import a PSE.
http://help.sap.com/saphelp_nw04/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If you have really deleted and recreated the SSL PSE and restarted the ICM then it should work.
I have done it successfully numerous times.
You missed one point somewhere.
Do you have application servers ? Do you use a reverse proxy like a Web Dispatcher ?
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Really I appreciate your help.
I ´ve been investigating and I found that when the STRUST import the certificate it really updates. The problem is that the certificate contained information is updated bad, because it mix up the owner and the issuer Distiguished name but also the expiration date is setting up to 2038 and this expiration date in certificate is 2012.
the certificate format is PKCS #7 an size of encription is 1024.
I don´t know if there is some spetial procedure for this certificate format?
Do you have any idea?
Thanks in advance
Enrique.
Hi,
Really I appreciate your help.
I ´ve been investigating and I found that when the STRUST import the certificate it really updates. The problem is that the certificate contained information is updated bad, because it mix up the owner and the issuer Distiguished name but also the expiration date is setting up to 2038 and this expiration date in certificate is 2012.
the certificate format is PKCS #7 an size of encription is 1024.
I don´t know if there is some spetial procedure for this certificate format?
Do you have any idea?
Thanks in advance
Enrique.
Hi,
I don't completely understand what you did.
Here is what I would have done to recreate a new ssl server certificate.
STRUST --> SSL Server standard --> right click --> Delete --> Save
STRUST --> SSL Server standard --> right click --> create --> enter the new certificate data, choose "RSA", the key length.
You have created a self signed certificate (owner = issuer)
Create now the certificate signature request.
Send the certificate request to your certification authority.
I ask for a base 64 certificate.
If the signed certificate that you receive back contains a sub-CA and a root CA and not only a root CA, you have to create a new file including (in base 64) the 3 certificates (server certificate, sub CA certificate, Root Certificate ).
Then you import this file with the STRUST button "Import Cert. response".
The certificate should now be signes in the SSL server PSE. Press the SAVE button. Restart the ICM and you should be done !
Regards,
Olivier
Hi Enrique,
Have you tried this ?
Delete the cryptographic library files from the server..restart the server.....
Then copy the cryptographic library freshly and restar the server again. Then try to create the PSE.
Cheers.....,
Raghu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.