cancel
Showing results for 
Search instead for 
Did you mean: 

Installation of HTTPS Wildcard Certificate on JAVA and ABAP

daniel_rothmund
Participant
0 Kudos

Hello,

we would buy a https wildcard certificate for all our sap server. Have anybody a short howto for the installation ?

f.e. How does I export the private.key from Java to the ICM of ABAP ?

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Hello,

We had the scenario as well that we have purchased a Root-CA signed wildcard certificate for our domain. Most instructions found on the web are about getting a signed certificate via CSR (certificate signing request), which means that the self-signed certificate gets signed by a Root-CA.
Our challenge was to get the already existing SSL server certificate into the ABAP stacks STRUST.

The following notes give a good guideline:
https://launchpad.support.sap.com/#/notes/3040959
https://launchpad.support.sap.com/#/notes/2148457
https://launchpad.support.sap.com/#/notes/1473710

Briefly, the procedure is like

  • Certificate file must be present as PFX, password is known. If you got a .crt and .key file it has to be converted.
  • Using sapgenpse from the „SAP COMMONCRYPTOLIB 8“ the PFX is converted into a PSE. Use full patch for the -p parameter, add -r parameter for eventuelly unknown CA Roots. Error messages will guide you.
  • It is possible to add a password while generating the PSE file. If a password is used, it has to be entered multiple times during the subsequent steps.
  • Use STRUST, double click on "File" (lower left) to load and display the PSE, and note down the entry in "Subject" (this is what's called DN in the above referred notes)
  • In STRUST, for SSL Server Standard, right-click and "replace", enter as "Subject" the one that you have noted for the generated PSE.
  • To import, call STRUST, double click on "File" (lower left), then open the PSE file again, then call PSE -> Save as -> SSL Server Standard.
  • In case the STRUST SSL Server Standard contains any instance-specific entries, they have to be removed so that the SSL Server Standard main entry is used. Right-click on SSL Server Standard, then „Change“, then remove the instance specific entries if present

Good luck & best regards
Peter Mueller

sadiq1860
Explorer
0 Kudos

It worked for me. Thank you Peter Mueller.

Former Member
0 Kudos

Hi

I'm not sure i understand your question.

In order to configure HTTPS in your ABAP server:

[http://help.sap.com/saphelp_crm60/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm|http://help.sap.com/saphelp_crm60/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm]

Regards

Adi J.

daniel_rothmund
Participant
0 Kudos

Thanks for you response but this not help ...

For a wildcard certificate all systems must have the same private.key . So I have create the private.key and the certificate on a sap nw java system. Now I must import the private key in den ABAP System so that the icm hast the same private key.

But I have no solution for this.

Regards

Daniel

Former Member
0 Kudos

Is your problem with exporting the certificate from the JAVA server or the import process to the ABAP server ? (or both ?)

What is your final goal ? Do you want JAVA server to access ABAP WAS using https ?

daniel_rothmund
Participant
0 Kudos

Hello ,

the problem is to import the private key from the java server in the abap stack (strust)

The exportetd private key ist type *.p12 and when I click on the SSL PSE Server an say import .

And the I select the p12 file it comes the popup for the password and when I insert the correct password. It comes error can't read certificate.

Regards

Former Member
0 Kudos

Are you sure you need the private key and not the certificate ?

daniel_rothmund
Participant
0 Kudos

Hello ,

I think need both for a wildcard certificate.

the certificate is a Thawtes SSL123.

Former Member
0 Kudos

Try to export the Certificate and not the private.

This way you will have a .CERT file which suppose to be imported without a problem.

Former Member
0 Kudos

Try both file types:

.crt (x509) and also try with .CERT (base64)