on 08-26-2011 10:30 AM
Hi,
We followed the process to configure SSL using the following link:
http://help.sap.com/saphelp_nwce711/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
After importing the CSR , its giving license expiry error.
But we used a SSL Server Test Certificate from support portal which has a validity of eight weeks.
I think it is conflicting with some of the certificates which are already present for another server.
So, how to use this new certificate. We have already deleted the existing certificates in the keystore view
icm_ssl_345723_50301 and created new entry, Generated the CSR and imported the CSR which we got from the support portal. But also facing the same issue.
So, please help in how to use the current certificate.
Regards,
Mounika.
Dear Mounika,
Hope you are doing good.
Check:
Generating the certificate request,
[http://help.sap.com/saphelp_nw70ehp1/helpdata/en/40/98e026df1448bfe10000000a114cbd/content.htm]
Importing certificates,
[http://help.sap.com/saphelp_nw70ehp1/helpdata/en/40/98df8ddf1448bfe10000000a114cbd/frameset.htm]
Also I would request you to check all the configurations for SSL as documented in :
[http://help.sap.com/saphelp_nw04/helpdata/de/f1/2de3be0382df45a398d3f9fb86a36a/content.htm]
and
[https://wiki.sdn.sap.com/wiki/display/EP/ConfiguringtheUseofSSLontheSAPJ2EE+Engine]
Thank you and have a nice day :).
_____________
Kind Regards,
Hemanth
SAP AGS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The default certificates were generated to some other server, the host name is different in them, so we have deleted those and created new entries and specified the fqdn of the server, generated the csr and imported the response still facing the issue "The entry expired" for the private key.
The details are follows:
Can anyone help in, why there are 2 certificates in the private key entry?
The validity of certificate[1] is expired. So what is that certificate and how to solve this issue.
The view is:
=============
icm_ssl_345723_50301
The entries are:
=============
Status Name Entry type Algorithm Valid From Valid TO
red ssl credentials Private Key RSA Fri,Aug 26,2011 Tue, Oct 25,2011 (Entry expired status)
green ssl credentials-cert Certificate RSA Fri Aug 26,2011 Tue, Aug 26,2031
Entry details:
==============
PRIVATE KEY entry
Creation date : Fri Aug 26 10:23:32 GMT+05:30 2011 (26 Aug 2011 04:53:32 GMT)
Version: : PKCS#8 RSA
Key Size : 1024 bits
Certificate[0] -
Version : ver.3 X.509
Algorithm : RSA
Key Size : 1024 bits
Subject name : CN=vpuns2psezpu-03.ad.xxxx.com,L=BANGALORE,OU=Server,O=SAP Trust Community,C=DE
Issuer name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE
Serial number : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Signature Algorithm : sha1WithRSAEncryption
Validity:
not before : Fri Aug 26 09:20:48 GMT+05:30 2011 (26 Aug 2011 03:50:48 GMT)
not after : Tue Oct 25 09:20:48 GMT+05:30 2011 (25 Oct 2011 03:50:48 GMT)
Public key fingerprint : xxxxxxxxxxxxxxxxxxxxxxx
Certificate fingerprint(MD5): xxxxxxxxxxxxxxxxxxxxxxxx
Certificate extensions :
[critical]
BasicConstraints: CA: no
KeyUsage: digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment
[non critical]
SubjectKeyIdentifier: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ExtendedKeyUsage: KeyPurposeId 0: TLS Web server authentication
Certificate[1] -
(Because of this certificate invalidity its giving expiry status)
Version : ver.3 X.509
Algorithm : RSA
Key Size : 1024 bits
Subject name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE
Issuer name : CN=Server CA,OU=Server,O=SAP Trust Community,C=DE
Serial number : x
Signature Algorithm : sha1WithRSAEncryption
Validity:
not before : Tue Jul 18 15:30:00 GMT+05:30 2000 (18 Jul 2000 10:00:00 GMT)
not after : Sun Jul 18 15:30:00 GMT+05:30 2010 (18 Jul 2010 10:00:00 GMT)
Public key fingerprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Certificate fingerprint(MD5): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Certificate extensions :
[critical]
BasicConstraints: CA: yes
KeyUsage: digitalSignature | nonRepudiation | keyEncipherment | dataEncipherment | keyCertSign | cRLSign
[non critical]
SubjectKeyIdentifier: x
SubjectAltName: uniformResourceIdentifier: http://service.sap.com/TCS
Hi,
Kindly do find the below steps.
When we install SAP ABAP+JAVA (or) JAVA we get SSL Certificates by default i.e. 2
1) First you take a backup of these 2 Certs.
2) Delete these 2 Certs.
3) There you can find "Generate CER" here you need to key t
he inputs like (a) SID (b) hostname (c) location etc ... finally save this cert in the naming convection of the deleted ones.
4) You need to go to the service market place and select "TCS" i..e Trust Center and select the systems based on your requirement like ABAP+JAVA,JAVA. Copy the CERT i..e from Begin Cert and End Cert and paste and generate the TCS CERT KEY.
5) By default the license lasts for 1 year.
6) Go to Keystore and upload the CERT
7) Try with https and this has to be worked
Note:- I have given an overview for X509 Cert and kindly dig in with process clicks.
With Regards,
Prashanth Gali
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.