cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cannot replace or delete the PSE for https

Former Member

on ‎01-20-2010 5:12 PM

0 Kudos

Hi friends,

I need your help!!!

Recently we are implementing the change from HTTP to HTTPs protocol via SSL PSE encryption (via STRUST).

We are following the SAP note: Note 510007 - Setting up SSL on Web Application Server ABAP. Whe we create by first time the PSE for "SSL server Standard" node we write the following data.

Name: *.company.com (with my company name)

Org.(opt): Ixe Grupo Financiero

Comp./Org: Ixe

Country: MX

CA: (erroneously we deactivate this option)

We generated the cretificate request and import the certificate.

So now we probed the https service by an web page service: it showed an certificate error because it doesn´t recognize the authority of cretiticate. the functionality is Ok by ignoring this error.

We deleted the PSE for server and client.

To fix this error, we have tried to replace this PSE with a new, filling the entry CAwith a DN, and we follow all the process to implement the SSL PSE certificate.

The problem is that we still having the same certificate when the certificate error appears in WEB. We have restarted the ICM.

Whe don´t know what is happening, ower system is an CRM 7.0 with Kernel 7.01

Please help me !!

Thanks in advance

Enrique.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎04-28-2011 3:01 PM
0 Kudos

For furure reference: Please remember to "save as" on your certificate after you import a PSE.

http://help.sap.com/saphelp_nw04/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm

Show replies
Show replies
Former Member
‎01-21-2010 9:21 AM
0 Kudos

Hi,

If you have really deleted and recreated the SSL PSE and restarted the ICM then it should work.

I have done it successfully numerous times.

You missed one point somewhere.

Do you have application servers ? Do you use a reverse proxy like a Web Dispatcher ?

Regards,

Olivier

Show replies
Show replies
Former Member
‎01-21-2010 6:15 PM
0 Kudos

Hi,

Really I appreciate your help.

I ´ve been investigating and I found that when the STRUST import the certificate it really updates. The problem is that the certificate contained information is updated bad, because it mix up the owner and the issuer Distiguished name but also the expiration date is setting up to 2038 and this expiration date in certificate is 2012.

the certificate format is PKCS #7 an size of encription is 1024.

I don´t know if there is some spetial procedure for this certificate format?

Do you have any idea?

Thanks in advance

Enrique.

Former Member
‎01-21-2010 6:15 PM
0 Kudos

Hi,

Really I appreciate your help.

I ´ve been investigating and I found that when the STRUST import the certificate it really updates. The problem is that the certificate contained information is updated bad, because it mix up the owner and the issuer Distiguished name but also the expiration date is setting up to 2038 and this expiration date in certificate is 2012.

the certificate format is PKCS #7 an size of encription is 1024.

I don´t know if there is some spetial procedure for this certificate format?

Do you have any idea?

Thanks in advance

Enrique.

Former Member
‎01-22-2010 2:15 PM
0 Kudos

Hi,

I don't completely understand what you did.

Here is what I would have done to recreate a new ssl server certificate.

STRUST --> SSL Server standard --> right click --> Delete --> Save

STRUST --> SSL Server standard --> right click --> create --> enter the new certificate data, choose "RSA", the key length.

You have created a self signed certificate (owner = issuer)

Create now the certificate signature request.

Send the certificate request to your certification authority.

I ask for a base 64 certificate.

If the signed certificate that you receive back contains a sub-CA and a root CA and not only a root CA, you have to create a new file including (in base 64) the 3 certificates (server certificate, sub CA certificate, Root Certificate ).

Then you import this file with the STRUST button "Import Cert. response".

The certificate should now be signes in the SSL server PSE. Press the SAVE button. Restart the ICM and you should be done !

Regards,

Olivier

Former Member
‎01-21-2010 7:28 AM
0 Kudos

Hi Enrique,

Have you tried this ?

Delete the cryptographic library files from the server..restart the server.....

Then copy the cryptographic library freshly and restar the server again. Then try to create the PSE.

Cheers.....,

Raghu

Show replies
Show replies
Ask a Question