on 07-25-2013 9:18 AM
Hi All,
We are facing a strange situation with strust certificates.
As a part of refresh we had downloaded the certificates from STURST on our QAS system.
Now after restore we have reverted back the exported QAS tables and User master.
However while trying to upload the old certificates in Strust its asking for password.
Strange is while downloading it went well without asking for any password, But while uploading back its asking.
Can you please help us on fixing this.
Regards,
Ravi.
Ravikumar H M wrote:
Now after restore we have reverted back the exported QAS tables and User master.
Uhh, care to elaborate? What exactly did you "revert" and how? Doesn't sound like something you should be doing.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samuli,
Coming to secstore, yes we do apply migration key and execute during post actions.
That will take most of the connection to green(working).
Coming to revert back exported QAS exported tables.
==> Here we are importing back the RFC tables, Variant(depends on customer request), Partner profiles, Printers, and Secstore tables.
All the above tables we do export in pre refresh actions.
: All the certificates are with .pse
Like system.pse/SSL server Standard.pse/SSL client Anoonymous.pse/SSL client Standard.pse
Regards,
Ravi
No to derail this discussion thread any further but importing single tables is not supported by SAP, it is only a matter of time until something breaks. I think you should revisit your procedures.
Anyway, I don't have much to contribute to this discussion thread. If you exported the PSEs and you are now trying to import the PSEs, you are prompted for the credentials assuming credentials are not in place. As mentioned by see SAP note 152505 and the referenced SAP note 800240 for details.
Check transaction SECSTORE. If you did a system refresh, that is the most likely source of problems. You will have to get a Secure Storage migration key from SAP, with the key you will be able to fix your Secure Storage in transaction SECSTORE. It's a well known post processing step for system copies.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
i have faced same scenario.
if it prompts for password , It means it is unable to decrypt/certificate got corrupted.
Just regenerate the certificate from respective portal and upload in ur QA system.
It will work.
Regards
Yugandhar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Yugandhar,
Reg "It means it is unable to decrypt/certificate got corrupted."
Can we know is there any process or step we can adapt to verify same.
Or
How you came to conclusion on certificate is corrupt. Was it an update from SAP to your team.
Also is there any ways to prevent this.
Reason: while downloading we dont get any issue, it simply goes fine. So any way to rectify or get hold on this.
Please share.
Regards,
Ravi
Hi ravi,
Just wanted to know that was SNC active in your system?
Which certificate are you actually talking about SAPCryptolib one.
If SNC was active and you are talking about SAPCryptolib certificate then you need to have password on the certificate else system will not start back online.
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ravi,
What is your system, ECC or any other ? Normally I face this issue in my PI landscape .
Anyways , how many certs are there to upload ? If its less, can't you do it fresh by removing the current PSE and creating fresh one and uploading the needed ones again ? I was doing same after DB refresh .
Regards,
Nibu Antony
Hi Nibu/Rishi/Belly
Thanks for reply.
Tables are normal RFC, SECSTORE .... related.
We do refresh for many systems, but only on these systems SCM and ERP we are facing issue and that too 1st time.
Yes can create a local PSE, by right click and create.
Worst case new certificates can be adjusted or uploaded.
But question really is, while downloading it should have asked for password but it dint.
Then why is it asking while uploading.
There are systems where while downloading SSL certificate itself they throw pop up for password.
We give and download and same applies while uploading.
Here the situation is different. So wanted to understand why its so.
Regards,
Ravi
Hi Ravi,
Are you aware of who created the certificates earlier on these system and they were not created with any password.
was any patch upgrade done on after the certificate are created?
If the system would have been still there we could have user this to check
Is the PSE protected by a password (PIN)?
What is the result of report ZSSF_TEST_PSE, when executed for the PSE concerned? The report ZSSF_TEST_PSE is available in note 800240. It takes the PSE file name and the password (PIN) as parameters.
Normal checks.
1525059 - Analysis of Problems Accessing a PSE via Credentials
Thanks
Rishi Abrol
Hi Ravi,
STRUST you are mentioning about SSO or PSE.
Thanks and Regards,
Kunal Gahlot
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.