cancel
Showing results for 
Search instead for 
Did you mean: 

SSL server certficate

Former Member
0 Kudos

HI All,

If i recreate SSL server PSE from the transaction with exactly the same details as before ,will that become a new certificate or the old PSE will get recreated (I mean will the CSR be same or change sincei need to get it certified by verisign without any extra cost )

For the old PSE when i try to import CSR its returning.I checked with Verisgn tech support and they say everything is fine in both the CSR and the response.

It returns the following error

"Cannot import certificate response

Message no. TRUST037

Diagnosis

The certificate response could not be imported into the PSE. You either selected an incorrect PSE (the certificate response can only be imported into the PSE from which the certificate request was generated), or the certificate response is incomplete.

Procedure

Check whether you selected the correct PSE to import the certificate response. Then you can import the certificate response in the following formats:

As a PKCS#7 package with complete certificate upward path. The PKCS#7 package must be Base64-coded, and have the header line -


BEGIN CERTIFICATE--- and the footer line -


END CERTIFICATE---.

Individual PEM-coded certificates (that is, Base64-coded with the header line -


BEGIN CERTIFICATE--- and the footer line -


END CERTIFICATE---), if the associated root certificate exists in the database. For an overview of the existing root certificates, use the "Import Certificate" function.

As a file with multiple PEM-coded certificates. In this case, the system automatically attempts to build a complete certificate upward path; all certificates not required for this are ignored. If certificates are missing (such as, if you are using an intermediate CA), you can extend the certificate response with additional PEM-coded certificates before the import."

In the workprocess trace file i found the following error Fri Dec 3 18:17:04 2010

Ssf_ParseCertificate: SsfCertfromASN1 failed with rc=12 (ASN.1-Len=4084)

Fri Dec 3 18:17:33 2010

GENER starting inline generation: SSO2ADMW (reason: explicit generation).

Fri Dec 3 18:17:40 2010

GENER starting inline generation: SSO2ADMU (reason: already local generations within LUW)

Accepted Solutions (0)

Answers (1)

Answers (1)

blanca_serrano
Advisor
Advisor
0 Kudos

Hello Madhav,

TRUST037 in most cases means, that the certificate you are trying to import into the PSE does not match the PSE, more precisely, the public keys in the PSE and in the certificate response are not the same.

Did you change the PSE in some way after creating the certificate

request?

In some cases (older support package levels) TRUST037 also refers to the certificate path not being complete. In that case, please proceed as descried in note 508307 and instead of importing the actual certificate response only, please import a combined certificate that contains the CA ROOT certificate as well as all used intermediate

certificates, making up the full certificate path (FCPath):

BEGIN CERTIFICATE

<encrypted part of the actual certificate response>

END CERTIFICATE

BEGIN CERTIFICATE

<encrypted part of the CA ROOT certificate>

END CERTIFICATE

BEGIN CERTIFICATE

<encrypted part of the CA intermediate certificate>

END CERTIFICATE

There can be more than one intermdiate certificate.

The sequence of the certificates should not matter.

I hope this helps you.

Regards,

Blanca

Former Member
0 Kudos

HI Blanca ,

I have not made any chnages to my certficate after applying .

Here I am using PKC7 format which contains all the intermediate and the root certficates .

Also I have sted with SAP NETCA 's test SSL server certficate and CSR response is getting imported but not the one by verisgn