on 10-10-2010 8:59 PM
Hi, All
We want to use Webdispatcher (on windows) as a reverse proxy with SSL. I generated a request file with command at below
sapgenpse get_pse u2013s 2048 -p C:\usr\sap\FW0\W00\SAPSSLS.pse -r C:\usr\sap\FW0\W00\SAPSSLS.req "CN=portal.xxx.com, OU=xxx company"
sent to an authority and we got a response file.
sapgenpse import_own_cert -c C:\usr\sap\FW0\W00\SAPSSLS.crt -p C:\usr\sap\FW0\W00\SAPSSLS.pse -x pin
when I try to import to webdispatcher, I got an error message
import_own_cert: Sorry, but you didn't supply the filename of the CA Response
any idea
ABH
Hello ABH,
Thanks for the update. I am glad to know it solved the problem
Regards,
Blanca
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi everyone,
we have the same problem,
we change the key length from 1024 to 2048 like in these SCN thread
but the owner is not the same like the issuer. than we send the cert request to our provider and we got a new cert.
when we tried to import the new cert:
sapgenpse import_own_cert -p SAPSSLS.pse -c XXX.cer
following error occurs:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k
ey found
thanks for any helps.
Regards,
Bianca
Hello ABH,
Can you try including the root certificate with the response ie :
import_own_cert -c <CA-reponse-file> -p <pse> -x <pin> -r <CA Root Cert> -r <CA certificate (intermediate)>
(there maybe an intermediate cert required - check the certificate path by opening the cert in windows and see if one is included as part of the signed certificate) and see if this works.
I hope this helps you.
Regards,
Blanca
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello ,
Please check below Prerequisites .
1. You have obtained the SAP Cryptographic Library.
2. The CA root certificate belonging to the issuer of the SAP J2EE Engineu2019s server certificate exists as a file in the file system in Privacy Enhanced Mail (PEM) or DER (binary) format.
And note the below things while setting profile parameters.
1. The parameter wdisp/ssl_cred is only necessary if wdisp/ssl_auth = 2.
2. Use the parameter wdisp/ssl_host if multiple servers in the backend use the same host name in their SSL server certificates (for example, www.mycompany.com).
Thanks
Dheeraj
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.