cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Issue

Former Member

on ‎08-26-2011 10:30 AM

0 Kudos

Hi,

We followed the process to configure SSL using the following link:

http://help.sap.com/saphelp_nwce711/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

After importing the CSR , its giving license expiry error.

But we used a SSL Server Test Certificate from support portal which has a validity of eight weeks.

I think it is conflicting with some of the certificates which are already present for another server.

So, how to use this new certificate. We have already deleted the existing certificates in the keystore view

icm_ssl_345723_50301 and created new entry, Generated the CSR and imported the CSR which we got from the support portal. But also facing the same issue.

So, please help in how to use the current certificate.

Regards,

Mounika.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

hemanth2
Product and Topic Expert
Product and Topic Expert
‎08-28-2011 8:55 PM
0 Kudos

Dear Mounika,

Hope you are doing good.

Check:

Generating the certificate request,

[http://help.sap.com/saphelp_nw70ehp1/helpdata/en/40/98e026df1448bfe10000000a114cbd/content.htm]

Importing certificates,

[http://help.sap.com/saphelp_nw70ehp1/helpdata/en/40/98df8ddf1448bfe10000000a114cbd/frameset.htm]

Also I would request you to check all the configurations for SSL as documented in :

[http://help.sap.com/saphelp_nw04/helpdata/de/f1/2de3be0382df45a398d3f9fb86a36a/content.htm]

and

[https://wiki.sdn.sap.com/wiki/display/EP/ConfiguringtheUseofSSLontheSAPJ2EE+Engine]

Thank you and have a nice day :).

_____________

Kind Regards,

Hemanth

SAP AGS

Show replies
Show replies
Former Member
‎08-29-2011 7:46 AM
0 Kudos

Hi,

The default certificates were generated to some other server, the host name is different in them, so we have deleted those and created new entries and specified the fqdn of the server, generated the csr and imported the response still facing the issue "The entry expired" for the private key.

The details are follows:

Can anyone help in, why there are 2 certificates in the private key entry?

The validity of certificate[1] is expired. So what is that certificate and how to solve this issue.

The view is:

=============

icm_ssl_345723_50301

The entries are:

=============

Status Name Entry type Algorithm Valid From Valid TO

red ssl credentials Private Key RSA Fri,Aug 26,2011 Tue, Oct 25,2011 (Entry expired status)

green ssl credentials-cert Certificate RSA Fri Aug 26,2011 Tue, Aug 26,2031

Entry details:

==============

PRIVATE KEY entry

Creation date : Fri Aug 26 10:23:32 GMT+05:30 2011 (26 Aug 2011 04:53:32 GMT)

Version: : PKCS#8 RSA

Key Size : 1024 bits

Certificate[0] -

Version : ver.3 X.509

Algorithm : RSA

Key Size : 1024 bits

Subject name : CN=vpuns2psezpu-03.ad.xxxx.com,L=BANGALORE,OU=Server,O=SAP Trust Community,C=DE

Issuer name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE

Serial number : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Signature Algorithm : sha1WithRSAEncryption

Validity:

not before : Fri Aug 26 09:20:48 GMT+05:30 2011 (26 Aug 2011 03:50:48 GMT)

not after : Tue Oct 25 09:20:48 GMT+05:30 2011 (25 Oct 2011 03:50:48 GMT)

Public key fingerprint : xxxxxxxxxxxxxxxxxxxxxxx

Certificate fingerprint(MD5): xxxxxxxxxxxxxxxxxxxxxxxx

Certificate extensions :

[critical]

BasicConstraints: CA: no

KeyUsage: digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment

[non critical]

SubjectKeyIdentifier: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ExtendedKeyUsage: KeyPurposeId 0: TLS Web server authentication

Certificate[1] -

(Because of this certificate invalidity its giving expiry status)

Version : ver.3 X.509

Algorithm : RSA

Key Size : 1024 bits

Subject name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE

Issuer name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE

Serial number : x

Signature Algorithm : sha1WithRSAEncryption

Validity:

not before : Tue Jul 18 15:30:00 GMT+05:30 2000 (18 Jul 2000 10:00:00 GMT)

not after : Sun Jul 18 15:30:00 GMT+05:30 2010 (18 Jul 2010 10:00:00 GMT)

Public key fingerprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Certificate fingerprint(MD5): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Certificate extensions :

[critical]

BasicConstraints: CA: yes

KeyUsage: digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment | keyCertSign | cRLSign

[non critical]

SubjectKeyIdentifier: x

SubjectAltName: uniformResourceIdentifier: http://service.sap.com/TCS

Former Member
‎08-26-2011 1:32 PM
0 Kudos

Hi,

Kindly do find the below steps.

When we install SAP ABAP+JAVA (or) JAVA we get SSL Certificates by default i.e. 2

1) First you take a backup of these 2 Certs.

2) Delete these 2 Certs.

3) There you can find "Generate CER" here you need to key t

he inputs like (a) SID (b) hostname (c) location etc ... finally save this cert in the naming convection of the deleted ones.

4) You need to go to the service market place and select "TCS" i..e Trust Center and select the systems based on your requirement like ABAP+JAVA,JAVA. Copy the CERT i..e from Begin Cert and End Cert and paste and generate the TCS CERT KEY.

5) By default the license lasts for 1 year.

6) Go to Keystore and upload the CERT

7) Try with https and this has to be worked

Note:- I have given an overview for X509 Cert and kindly dig in with process clicks.

With Regards,

Prashanth Gali

Show replies
Show replies
Former Member
‎08-26-2011 2:03 PM
0 Kudos

In addition to what prashanth reddy has wrote, after NEW Certificate Generation restart Sap Instance or Service to affect system by new generated certificates

Ask a Question