cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL certificate import error

Former Member

on ‎10-10-2010 8:59 PM

0 Kudos

Hi, All

We want to use Webdispatcher (on windows) as a reverse proxy with SSL. I generated a request file with command at below

sapgenpse get_pse u2013s 2048 -p C:\usr\sap\FW0\W00\SAPSSLS.pse -r C:\usr\sap\FW0\W00\SAPSSLS.req "CN=portal.xxx.com, OU=xxx company"

sent to an authority and we got a response file.

sapgenpse import_own_cert -c C:\usr\sap\FW0\W00\SAPSSLS.crt -p C:\usr\sap\FW0\W00\SAPSSLS.pse -x pin

when I try to import to webdispatcher, I got an error message

import_own_cert: Sorry, but you didn't supply the filename of the CA Response

any idea

ABH

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

blanca_serrano
Advisor
Advisor
‎10-13-2010 7:55 AM
0 Kudos

Hello ABH,

Thanks for the update. I am glad to know it solved the problem

Regards,

Blanca

Show replies
Show replies
Former Member
‎04-06-2011 10:37 AM
0 Kudos

Hi Blanca

I HAve the same problem, please let us know from where I can get CA certificate (intermediate)

Thanks and Regards,

Vishal

Former Member
‎07-10-2014 9:58 AM
0 Kudos

Hi everyone,

we have the same problem,

we change the key length from 1024 to 2048 like in these SCN thread

but the owner is not the same like the issuer. than we send the cert request to our provider and we got a new cert.

when we tried to import the new cert:

sapgenpse import_own_cert -p SAPSSLS.pse -c XXX.cer

following error occurs:

import_own_cert: Installation of certificate failed

ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k

ey found

thanks for any helps.

Regards,

Bianca

blanca_serrano
Advisor
Advisor
‎10-11-2010 8:15 AM
0 Kudos

Hello ABH,

Can you try including the root certificate with the response ie :

import_own_cert -c <CA-reponse-file> -p <pse> -x <pin> -r <CA Root Cert> -r <CA certificate (intermediate)>

(there maybe an intermediate cert required - check the certificate path by opening the cert in windows and see if one is included as part of the signed certificate) and see if this works.

I hope this helps you.

Regards,

Blanca

Show replies
Show replies
Former Member
‎10-11-2010 8:43 AM
0 Kudos

Hi, Blanca

when I double click cert reponse I have popup message "Invalid Public Key Security Object File -- this file is invalid for use as the following : Security Certificate."

which one is CA Root Cert?

thanks

Regards

ABH

Former Member
‎10-11-2010 8:47 AM
0 Kudos

Hello ,

Please check below Prerequisites .

1. You have obtained the SAP Cryptographic Library.

2. The CA root certificate belonging to the issuer of the SAP J2EE Engineu2019s server certificate exists as a file in the file system in Privacy Enhanced Mail (PEM) or DER (binary) format.

And note the below things while setting profile parameters.

1. The parameter wdisp/ssl_cred is only necessary if wdisp/ssl_auth = 2.

2. Use the parameter wdisp/ssl_host if multiple servers in the backend use the same host name in their SSL server certificates (for example, www.mycompany.com).

Thanks

Dheeraj

Former Member
‎10-13-2010 7:54 AM
0 Kudos

Hi, Blanca

I need to import Root and subroot cert too.

import_own_cert -c <CA-reponse-file> -p <pse> -x <pin> -r <CA Root Cert> -r <CA certificate (intermediate)>

solved my problem

Thanks

ABH

Ask a Question