Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL server certificate Query

former_member209288
Discoverer

‎06-20-2013 9:13 AM

0 Kudos

Hello Experts

Need to know the whether SSL client certificate is based on
SSL server certificate.

Below is a scenario for this.

  1. We have a SSL server certificate from a well-known CA
    authority.
  2. Need to create SSL client certificate for the ADS
    configuration.
  3. Now in order to be secured enough, need to know that this
    certificate will be based on the SSL server certificate which we have acquired
    from the trusted CA?
  4. If not then what should be done in order to get a trusted
    SSL Client Certificate or the systems (ABAP) own certificate is enough for this
    task?

Regards

Prateek

6 REPLIES 6

Former Member

‎06-20-2013 11:15 AM

0 Kudos

Hi Prateek,

SSL server certificates are usually not the basis for client certificates. Instead you usually have two CAs, a well know CA (often a public CA) for server certificates and an often private CA for client certificates. you can find some info on client certificates on the CAcert wiki pages and more information on X.509 and public key certificates on the english wiki.

Regards,

Patrick

former_member299422
Explorer
In response to Former Member

‎06-21-2013 6:51 AM

0 Kudos

thanks patrick that helped. Need some more info.

What if the SSL client certificate is self signed (system's). Will it suffice the purpose of ADS trusted relationship with Java server? Won't there be any security breach?

Regards,

Mayank

Former Member
In response to Former Member

‎06-21-2013 11:58 AM

0 Kudos

Hi Mayank,

a self signed certificate is not automatically insecure. You have the signing process in place, that you can get some idea, whether the claims of certificate are valid. If you created the certificate and later on maintain it in the ADS, there is no need for such 3rd party assurance, as I guess you will know the best, where the certificate belongs to.

As I'm not an expert in ADS and you did not mention, for which purpose you need the certificate. If it is for LDAPS based communication, this tutorial on the internet mayhelp. If not, please provide a bit more info on your use case.

Regards,

Patrick

former_member299422
Explorer
In response to Former Member

‎06-21-2013 12:33 PM

0 Kudos

Thanks patrick for helping out here.

Here is our scenario...we have ADS in place (ABAP and JAVA are two independent systems in same domain).

Now the use of ADS here is that it will be used to send the forms (tax) to the end users (ADS_HTTPS connection)

Hence here we use the ABAP SSL client certificate. Please suggest.

Regards,

Mayank

Former Member
In response to Former Member

‎06-21-2013 2:01 PM

0 Kudos

Hi Mayank,

the first question in this case would be, what is the ADS you are referring to.

ADS = Active Directory Services (MS)

ADS = Adobe Document Server

From your last comment I would now assume, you are talking about the document server, right?

If yes, did you check the docs?

If you want to use self signed certificates for authentication, you will need to upload the certificate also into the list of trusted CAs, otherwise you might get a chain-verifier error.

Regards,

Patrick

former_member299422
Explorer
In response to Former Member

‎06-21-2013 2:05 PM

0 Kudos

Hi Patrick,

yes i meant Adobe Document Service.

Secondly, i have created a SOAP client certificate in STRUST and have imported the JAVA SSL certificate there. My config has worked well in QA. Now in order to be secured, i raised the above query.

Regards,

Mayank