Problem importing a certificate using Strust

Sigurdur
Participant
0 Kudos

Hi

I'm trying to import a signed wildcard certificate from Comodo onto Web Application server using Transaction STRUST.

My plan is to replace the self-signed one with a certificate that does not prompt a security warning from the web browser.

To be more exact, I want to use the SSL for BSP web pages and Web services.

Currently, if we try to have a .NET client call the SAP Web service, we get the following error in the .NET code:

System.InvalidOperationException: General Error https://server.domain.com/sap/bc/srt/wsdl/bndg_E10C782F9C42E4F199F3001A64362F30/wsdl11/allinone/stan... ---> System.Net.WebException: There was an error downloading 'https:/server.domain.com/sap/bc/srt/wsdl/bndg_E10C782F9C42E4F199F3001A64362F30/wsdl11/allinone/standard/document?sap-client=020'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

But when I try to import the COMODO certificate via STRUST I get the error:

Issuer certificate missing in database:CN=AddTrust External CA Root, OU=AddTrust External

Message no. TRUST057

Can anyone tell me the exact steps to add this certificate into SAP? Despite googling around a lot, I have not been able to make it work.

Best regards

1 ACCEPTED SOLUTION

mvoros
Active Contributor
0 Kudos

Hi,

check note 1468249.

Cheers

7 REPLIES 7

0 Kudos

Hello,

I am having the same problem trying to import the "issuer certificate" into a database.

Here is what I have been doing so far:

1. I generated a PSE.

2. I made a certificate request.

3. I ordered the new certificate from Thawte.

4. I imported the certificate response of Thawte.

  a. If I import the certificate response to the "own certificate" import button "Import Certification Respond", then an error occurs: "Issuer certificate missing in database:CN=thawte Extended Validation SSL CA, OU=Terms of"

  b. I can only import "certificate" section under "Import certification" and add to Certification list. However I doubt that this is the correct way.

I tried following the note 1468249 and I have a question.

The three certificates, that I put to the Certification box are:

1. "Import Certification Respond" - the response to the certificate that I ordered from Thawte.

2. Thawte root certification: https://www.thawte.com/roots/thawte_Primary_Root_CA.pem.

3. What is the intermediate certification? I have no knowledge about it.

I would be grateful if somebody could explain what the intermediate certificate is.

Best regards

Former Member
0 Kudos

An intermediate certificate is something between the authoritative CA root and the one used to sign your certificate. Simply open the certificate provided by Thawte in a browser and see the certificate chain. The more levels there are in the tree, the more likely you have an intermediate certificate. SAP might not even be aware of the new CA root certificates used by Thawte, so as long as you import all certificates used in the chain, you should be fine.

0 Kudos

Make sure you have the latest patch level of the ICM server, i.e. the latest kernel patch.

Also, if there is an intermediate certificate, you need to chain them into the same file. A good way to do that is to view the certificate using a browser and export it from there in one file.

0 Kudos

Thank you for that reply.

It’s not working.

I have the latest kernel version: 7.21 patch 100 and SAP ECC 6 EHP5. OS: Linux

The certificate response is in my email

CA root certificate: https://www.thawte.com/roots

Intermediate certificate: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR13...

If I import certificates to certificate list through button „2“ then it is OK. Like shown in the Picture:

If I import respond certificate from button „1“ then an error occurs that issuer certification isn’t in the certification database. If I tried importing SAP certification (sap free test certification), then the import under button „1“ was fine.

I guess that I must import thawte issuer certificate (N=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US) to certificates database (certification -> database). SAP Issuer certificate is already in certificate database. Are there any Notes or guide on how to do this? Or isn’t it possible? I have searched in the forum and the SAP Notes portal, but I haven’t found any Notes or guide.

I could import respond certificate and intermediate certificate to database, but it didn’t work (certification -> database):

Best regards, Reemet

Former Member
0 Kudos

Just import the root Thawte certificate. If it still doesn't work, combine the Thawte root, intermediate and your certificate in one file and import that.
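
The chain relationship behind "Issuer certificate missing in database", reproduced with OpenSSL on the command line as an added example (not part of any post in this thread, and not SAP tooling). It builds a throwaway root, intermediate and server certificate, shows which issuer is missing when the intermediate is left out, and then writes all three into one file; every name and file in it is constructed, and the order used inside `chain.pem` is this example's choice, not something the thread specifies.

```shell
#!/usr/bin/env bash
# Added example. All certificates here are constructed throwaway test material,
# not the Comodo/Thawte certificates discussed in the thread.
cd "$(mktemp -d)" || exit 1

new_csr() {  # $1 = file stem, $2 = common name
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

# Root CA -> intermediate CA -> server certificate (the "certificate response")
build_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  new_csr root "Demo Root CA" &&
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 -out root.pem 2>/dev/null &&
  new_csr inter "Demo Intermediate CA" &&
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out inter.pem 2>/dev/null &&
  new_csr server "*.example.test" &&
  openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out server.pem 2>/dev/null
}

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# Print the issuer DN of each given file whose issuer is not a subject in the set
# (name matching only; chain_verifies below checks the signatures).
missing_issuers() {
  for c in "$@"; do
    found=0
    for s in "$@"; do
      if [ "$(issuer_of "$c")" = "$(subject_of "$s")" ]; then found=1; fi
    done
    [ "$found" -eq 1 ] || issuer_of "$c"
  done
}

# Does server.pem chain to root.pem? $1 = optional file of intermediate CA certificates
chain_verifies() {
  openssl verify -CAfile root.pem ${1:+-untrusted "$1"} server.pem >/dev/null 2>&1
}

build_demo_pki || { echo "openssl failed" >&2; exit 1; }
echo "root + server only, missing issuer: $(missing_issuers server.pem root.pem)"
chain_verifies           || echo "verify without intermediate: FAILS"
chain_verifies inter.pem && echo "verify with intermediate:    OK"
cat server.pem inter.pem root.pem > chain.pem   # all three certificates in one file
echo "certificates in chain.pem: $(grep -c 'BEGIN CERTIFICATE' chain.pem)"
```

Running `issuer_of` on a real certificate response gives the exact DN of the CA certificate that has to be obtained from the issuing CA before the response can be imported.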

0 Kudos

Hi

It works, thanks :-). Sorry for the confusion.

Reemet