cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Import pem cert/private key in Abap 7.02 for SAML2

Go to solution
benoit-schmid
Contributor

on ‎08-06-2012 3:43 PM

0 Kudos

Hello,

I would like to test the new SAML 2.0 SSO functionality in Abap Server 7.02.

I have configured and activated saml2 and configured our external idp as documented in

http://help.sap.com/saphelp_tm80/helpdata/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm

I would like to import the private key/certificate generated for my abap server.

In tx strust, I have not find a way to import this cert/key, providing

pem files or pkcs12 files.

I have the following tabs:

---

Sytem PSE

- SAP System

SSF Collaboration Integration

SSF SAML2 Service Provider - E

SSF SAML2 Service Provider - S

---

How could I proceed to import?

Thanks in advance for your answers.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-08-2012 9:07 AM
0 Kudos

hi benoit,

for me, it looks like somthing is wrong with you certificate, maybe you need a new one with basic constraints.

Zitat aus: Inst/Config. Admin Guide SSO:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/904f39b0-3f73-2e10-4291-d853b1744...

 

BasicConstraints

 

This option defines whether the subject of the certificate is a Certification Authority and how deep a certification path may exist through that Certification Authority.

Checking this option will open the following sub-options:

 

Is critical?

 

If you select this option, the basic constraints parameter is required in the certificate for communication to be successful.

 

Is CA?

 

This option defines whether the subject of the certificate is a Certification Authority. When you select this option, the

Path Length field opens. Enter the number of levels for which the constraints are valid.

br

julius

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎08-06-2012 4:25 PM
0 Kudos

hi benoit,

you can use the tx STRUSTSSO2, this is a extended version of tx STRUST.

lg

julius

Show replies
Show replies
benoit-schmid
Contributor
‎08-07-2012 7:27 AM
0 Kudos

Hello Julius,

Julius-Peter Vanecek wrote:
hi benoit,
you can use the tx STRUSTSSO2, this is a extended version of tx STRUST.
lg
julius

Then, how can I import my private key and signed certificate from strustsso2?

Thanks in advance for your answer.

Former Member
‎08-07-2012 8:20 AM
0 Kudos

good morning benoit,

sorry, yesterday i forgot to attache this notes: 1473710 - STRUST: How to Export/Import a PSE from/to STRUST

br

julius

benoit-schmid
Contributor
‎08-07-2012 8:47 AM
0 Kudos

Hello Julius,

Unfortunately your Note deals with pse file.

It does not document how to import a pem or pkcs12 private key.

See you,

Former Member
‎08-07-2012 9:05 AM
0 Kudos

okay, i understand, maby this helps you out:

http://help.sap.com/saphelp_nw70/Helpdata/en/0d/9ce63bab134b39a52e340255d7650c/content.htm

it was the only note if found about import pkcs12 files:

Hinweis 1300880 - Digital Invoice Mexico: Import Certificates

for a pkcs12 file you can not use tx strust, you must work with the sapgenpse.

lg julius

benoit-schmid
Contributor
‎08-07-2012 3:27 PM
0 Kudos

Hello,

Thanks for this conversion mechanism.

Unfortunately, I have a few problems with it:

---

PKCS#12/PFX file contains 1 keypair:

  1. FriendlyName = "nplhost.unige.ch"

     X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)

     Subject="CN=nplhost.unige.ch"

     Issuer ="CN=nplhost.unige.ch"

ERROR in import_p12: (9/0x0009) af_verify_Certificates failed

ERROR in af_verify_Certificates: (12851/0x3233) Verification of one certificate of path failed because there are no basic constraints

ERROR in check_basicConstraints: (12851/0x3233) Verification of one certificate of path failed because there are no basic constraints

---

Would you know what this error means?

Thanks in advance for your help.

Ask a Question