Signature algorithm SHA256

krishg
Active Participant
0 Kudos

NFE requires that the CSR have the SHA256 algorithm instead of the usual SHA1... We generate the key pair in the NWA key storage with 2048 RSA. Unfortunately the signature algorithm on the key pair is SHA1 and not SHA256 as requested by the government. As a result our CSR is rejected.

Is there any way to generate the key pair with signature algorithm SHA256 from Keystorage view (in NWA) or how do we go about generating one?

Accepted Solutions (1)

krishg
Active Participant
0 Kudos

We raised an OSS message and SAP responded that support for CSR with SHA256 is not provided until the next cryptolib release (patch 34, I think).

Former Member
0 Kudos

Dear Krish,

I am having the same issue in NW 7.3 Java. For me, the update did not solve the issue. Did you perform any other settings?

Former Member
0 Kudos

You can't specify the used algorithm in Key Storage, use SAPGENPSE instead and import the certificate to Key Storage. Use -a sha256WithRsaEncryption to specify the algorithm while creating the PSE.

Former Member
0 Kudos


Can you elaborate more on using -a with that option? The only ones published are RSA (default) and DSA and when I tried explicitly what you wrote it was an invalid option.

We had a situation where we requested our cert from the authority like we normally do with sapgenpse get_pse -p SAPSSLS.pse -r <certeq_name.req> -s 2048 "xxx.xxx.xxx, C=US"

We would get the response back and import it with

sapgenpse import_own_cert -c <cert file.crt> -r <intermed.crt> -r <root.crt> -p SAPSSLS.pse -x <pin>

This time the cert request came back from our authority as G2 (SHA-2). The import failed with an FCPath error, but when I looked at the subject, all the variables were in fact in the certificate chain. The one thing that was odd was that the "C" variable in the error was in quotes (e.g. "company name, inc.") instead of C=company name, inc.

I asked the authority admin to reprocess my request as SHA-1. He sent me a response and a bundle of root+intermediate. Ran the same command, and the SSL cert imported without incident.

Do we need to specify something in the initial request (sapgenpse get_pse...) to ensure we get an SHA-2 cert? Or is there another reason my SHA-1 cert imported when the SHA-2 one gave the FCPath error?
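
A check that can be run on a request file before it goes to the authority, added here as an example and not part of the thread or of SAP's tooling: it reads the signatureAlgorithm field of a PKCS#10 request (PEM or DER) and names the hash it was signed with. The `sample_csr` helper is an assumption of this example and builds constructed, structurally shaped inputs, not real requests.

```python
import base64, re

SIG_ALGS = {  # RSA PKCS#1 v1.5 signatureAlgorithm OIDs
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):  # returns (tag, value_start, value_end) of the DER element at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    subs, val = [], 0
    for b in body:  # base-128 sub-identifiers, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def csr_signature_algorithm(data):
    """Return (oid, name) of the signatureAlgorithm in a PEM or DER PKCS#10 request."""
    pem = re.search(rb"-----BEGIN [A-Z ]*CERTIFICATE REQUEST-----(.*?)-----END", data, re.S)
    der = base64.b64decode(pem.group(1)) if pem else data
    outer, start, _ = read_tlv(der, 0)           # CertificationRequest SEQUENCE
    _, _, info_end = read_tlv(der, start)        # skip certificationRequestInfo
    alg, alg_start, _ = read_tlv(der, info_end)  # AlgorithmIdentifier SEQUENCE
    oid_tag, o_start, o_end = read_tlv(der, alg_start)
    if (outer, alg, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a PKCS#10 certification request")
    oid = decode_oid(der[o_start:o_end])
    return oid, SIG_ALGS.get(oid, "unknown")

def tlv(tag, body):  # small DER encoder, used only to build the constructed samples
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(lb)]) + lb) + body

def sample_csr(last_arc):  # constructed sample; last_arc is x in 1.2.840.113549.1.1.x
    oid = tlv(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last_arc]))
    alg = tlv(0x30, oid + b"\x05\x00")  # AlgorithmIdentifier with NULL parameters
    return tlv(0x30, tlv(0x30, b"\x00" * 300) + alg + tlv(0x03, b"\x00" * 257))
```

`csr_signature_algorithm(open("request.req", "rb").read())` on a real request file (the file name is a placeholder) returns the same pair, so a SHA-1-signed request can be caught before submission.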

0 Kudos

Hi Guys,

Can you tell us how to upgrade SHA1 to SHA256 on SAP PI 7.4?

We are facing an issue on the Development and QA servers of PI.

Thanks in advance.

Answers (0)