cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Webdispatcher doesnt offer CA certificate

former_member690273
Explorer

on ‎08-24-2010 9:44 AM

0 Kudos

Hi all,

I would like to use SSL in WD with CA certificate offering.

My configuration of WD is:

Web -> HTTPS -> Webdispatcher -> HTTP -> Backend WebAS

and it works right.

We would like to offer visitors of our webpages show/install our CA certificate too.

We have two files:

our_certificate.p12

CA_certificate.cer

For generating PSE we have used:

sapgenpse import_p12 -z <password for PKCS#12 file> -r CA_certificate.cer -p MY_APP-pse our_certificate.p12

without errors.

We have creaqted credentials for new PSE.

But If I came with webbrowser to our webpages, webdispatcher offers only our_certificate, not CA_certificate.

Can anyone help me please ?

Thank you

PS: Sorry for my poor English

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

nelis
Active Contributor
‎08-25-2010 7:44 AM
0 Kudos

Hi,

What you have done sounds correct except a PKCS file usually contains the root certificate so I would check whether the signed certificate you have is correct. Check with: sapgenpse get_my_name -v -p MY_APP-pse ...it should show a PKRoot certificate in most cases.

If your backend Web AS is using the same certificate as your web dispatcher then you could always create the certificate in STRUST on SAP and then copy the resulting PSE file to your web dispatcher. This way you don't have to be concerned with any sapgense commands.

Nelis

PS: Your English is better than some English speaking people I've seen post here

Show replies
Show replies
former_member690273
Explorer
‎09-03-2010 8:45 AM
0 Kudos

I have tried sapgenpse get_my_name -v -p MY_APP-pse and it writes:

Opening PSE "PSEFILE"...

PSE (v2) open ok.

Retrieving my certificate... ok.

Getting requested information... ok.

SSO for USER "xxxadm"

with PSE file "PSEFILE"

MY Certificate:

-

Subject : some text1

Issuer : some text2

Serialno: 7E

KeyInfo : RSA, 2048-bit

Validity - NotBefore: Tue Jul 28 16:16:20 2009 (090728211620Z)

NotAfter: Wed Aug 1 16:16:20 2012 (120801211620Z)

-

No additional FCPath.

PKRoot Certificate:

-

Subject : some text2

Issuer : some text2

Serialno: B0:01:68:F7:09:58:C6:68

KeyInfo : RSA, 1024-bit

Validity - NotBefore: Mon Jun 4 16:18:23 2007 (070604211823Z)

NotAfter: Thu Jun 1 16:18:23 2017 (170601211823Z)

-

"Italics" replace private texts.

So I think that we have the RootCA cert installed correctly, but visitors cannot find this.

Any suggestions?

nelis
Active Contributor
‎09-03-2010 9:14 AM
0 Kudos

Perhaps you have not set the parameter "wdisp/ssl_certhost" correctly or at all (depends on configuration too) ? It should be assigned the FQDN as in the certificate.

Run ./sapwebdisp -checkconf pf=<webdisp profile> and look for any errors.

Nelis

former_member690273
Explorer
‎09-03-2010 12:02 PM
0 Kudos

Our WebDispatcher use internet-HTTPS-WD-HTTP-backend SAP solution . So we havent configured wdisp/ssl_certhost at all.

-checkconf returns no warnings, no errors.

nelis
Active Contributor
‎09-03-2010 12:26 PM
0 Kudos

Does your browser contain the Root Certificate of your CA ? Most browsers would have all the common CA root certificates installed already but perhaps your CA is not common(or your browser is just missing it) ? Try adding it if it doesn't exist already and see if that helps.

Nelis

former_member690273
Explorer
‎09-03-2010 12:36 PM
0 Kudos

Our CA certificate has as its root CA certificate itself.

Edited by: Daniel Krbecek on Sep 3, 2010 1:38 PM

Former Member
‎08-24-2010 10:39 PM
0 Kudos

Hi ,

Can you make sure all the parameters are correctly maintained .

Also make sure SECUDIR environment variable set to K:\usr\sap\wd\secudir

Below tags might help you,

Note 518942 - How to sign inqmy certificate by a CA for HTTPS

http://help.sap.com/saphelp_47x200/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm

Regards

Nagaraju

Show replies
Show replies
former_member690273
Explorer
‎08-25-2010 7:17 AM
0 Kudos

Hi,

I dont know if you understand me...

My WD (HTTPS) settings works fine. Everything works (SSL), but visitors cannot see an CA root certificate. However I have imported it with WD SSL certificate by program sapgenpse.

Can be the problem with certificate itself ? Im a newbie in "certificating branch". Should I import certificate p12 with imported root CA certificate?

Thank you for advice

Ask a Question