cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Strust | Issue with password of certificate

Former Member

on ‎07-25-2013 9:18 AM

0 Kudos

Hi All,

We are facing a strange situation with strust certificates.

As a part of refresh we had downloaded the certificates from STURST on our QAS system.

Now after restore we have reverted back the exported QAS tables and User master.

However while trying to upload the old certificates in Strust its asking for password.

Strange is while downloading it went well without asking for any password, But while uploading back its asking.

Can you please help us on fixing this.

Regards,

Ravi.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
‎08-09-2013 2:22 PM
0 Kudos 
Ravikumar H M wrote:
Now after restore we have reverted back the exported QAS tables and User master.

Uhh, care to elaborate? What exactly did you "revert" and how? Doesn't sound like something you should be doing.

Show replies
Show replies
Former Member
‎08-09-2013 2:35 PM
0 Kudos

Hi Samuli,

Coming to secstore, yes we do apply migration key and execute during post actions.
That will take most of the connection to green(working).

Coming to revert back exported QAS exported tables.
==> Here we are importing back the RFC tables, Variant(depends on customer request), Partner profiles, Printers, and Secstore tables.

All the above tables we do export in pre refresh actions.

: All the certificates are with .pse

Like system.pse/SSL server Standard.pse/SSL client Anoonymous.pse/SSL client Standard.pse

Regards,

Ravi

Former Member
‎08-09-2013 5:29 PM
0 Kudos

No to derail this discussion thread any further but importing single tables is not supported by SAP, it is only a matter of time until something breaks. I think you should revisit your procedures.

Anyway, I don't have much to contribute to this discussion thread. If you exported the PSEs and you are now trying to import the PSEs, you are prompted for the credentials assuming credentials are not in place. As mentioned by see SAP note 152505 and the referenced SAP note 800240 for details.

http://service.sap.com/sap/support/notes/1525059

https://service.sap.com/sap/support/notes/800240

Former Member
‎08-09-2013 2:18 PM
0 Kudos

Check transaction SECSTORE. If you did a system refresh, that is the most likely source of problems. You will have to get a Secure Storage migration key from SAP, with the key you will be able to fix your Secure Storage in transaction SECSTORE. It's a well known post processing step for system copies.

Show replies
Show replies
Former Member
‎07-29-2013 8:05 AM
0 Kudos

Hi,

  i have faced same scenario.

if it prompts for password , It means it is unable to decrypt/certificate got corrupted.

Just regenerate the certificate from respective portal and upload in ur QA system.

It will work.

Regards

Yugandhar

Show replies
Show replies
Former Member
‎08-09-2013 1:48 PM
0 Kudos

Thanks Yugandhar,

Reg "It means it is unable to decrypt/certificate got corrupted."

Can we know is there any process or step we can adapt to verify same.

Or

How you came to conclusion on certificate is corrupt. Was it an update from SAP to your team.

Also is there any ways to prevent this.

Reason: while downloading we dont get any issue, it simply goes fine. So any way to rectify or get hold on this.

Please share.

Regards,

Ravi

Former Member
‎08-09-2013 2:08 PM
0 Kudos

Hi,

Just missed one thing to ask that what was the extension or type of the cert when you download it?

Thanks

Rishi Abrol

Former Member
‎07-25-2013 10:23 AM
0 Kudos

Hi ravi,

Just wanted to know that was SNC active in your system?

Which certificate are you actually talking about SAPCryptolib one.

If SNC was active and you are talking about SAPCryptolib certificate then you need to have password on the certificate else system will not start back online.

Thanks

Rishi Abrol

Show replies
Show replies
Former Member
‎07-25-2013 12:59 PM
0 Kudos

Hi Rishi,

Its not SNC, even for SYSTEM PSE its asking for password.

Thats strange, while downloading it never but now its.

Regards,

Ravi

Nibu
Contributor
‎07-25-2013 1:16 PM
0 Kudos

Hi Ravi,

What is your system, ECC or any other ? Normally I face this issue in my PI landscape .

Anyways , how many certs are there to upload ? If its less, can't you do it fresh by removing the current PSE and creating fresh one and uploading the needed ones again ? I was doing same after DB refresh .

Regards,

Nibu Antony

Former Member
‎07-25-2013 1:20 PM
0 Kudos

Hi,

Always we have issues when you have issues with SAPlibcrypto .

Can you please check that SAP libcrypto is installed correctly and the parameter are correct.

Which all table have you reimported?

Ok can you mean wile try what happens if you try and create PSE in Strustsso2.

Thanks

Rishi Abrol

bxiv
Active Contributor
‎07-25-2013 2:47 PM
0 Kudos

Certificates typically require a password on importation into any system, unless its marked as a non-exportable certificate.

Can you validate with your QA system, have someone in your IT dept generate a cert good for 30 days or so, just so you can see if QA prompts for a password?

Former Member
‎07-25-2013 3:00 PM
0 Kudos

Hi Nibu/Rishi/Belly

Thanks for reply.
Tables are normal RFC, SECSTORE .... related.

We do refresh for many systems, but only on these systems SCM and ERP we are facing issue and that too 1st time.


Yes can create a local PSE, by right click and create.

Worst case new certificates can be adjusted or uploaded.

But question really is, while downloading it should have asked for password but it dint.
Then why is it asking while uploading.

There are systems where while downloading SSL certificate itself they throw pop up for password.

We give and download and same applies while uploading.

Here the situation is different. So wanted to understand why its so.

Regards,

Ravi

Former Member
‎07-26-2013 5:32 AM
0 Kudos

Hi Ravi,

Are you aware of who created the certificates earlier on these system and they were not created with any password.

was any patch upgrade done on after the certificate are created?

If the system would have been still there we could have user this to check

Is the PSE protected by a password (PIN)?

              What is the result of report ZSSF_TEST_PSE, when executed for the PSE concerned? The report ZSSF_TEST_PSE is available in note 800240. It takes the PSE file name and the password (PIN) as parameters.

Normal checks.

1525059 - Analysis of Problems Accessing a PSE via Credentials

Thanks

Rishi Abrol

Former Member
‎07-25-2013 9:42 AM
0 Kudos

Hi Ravi,

           STRUST you are mentioning about SSO or PSE.

Thanks and Regards,

Kunal Gahlot

Show replies
Show replies
Ask a Question