cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TRUST059 when importing certificate response

Go to solution
Former Member

on ‎07-31-2013 4:29 PM

0 Kudos

Hello,

I am working with NW73, and setting up HTTPS.  Following the instructions here:

http://help.sap.com/saphelp_nw73/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm

I have created a certificate signing request.

I have self-signed this certificate with a root CA that I have created for my company (this is deployed so as to not get cert warnings when using self-signed)

When I go to import the certificate response, I get an error: "

Issuer certificate missing in database: ..."

The message no is TRUST057.

I understand that it cannot find the CA.

I feel like maybe I have not added the root CA correctly, since it cannot be found.

This is the procedure:

Store the issuer certificate in the database (menu function Certificate -> Export -> Database) and make sure that the certificate is not marked as inactive (menu function Certificate -> Database).

I'm confused about why i would be "exporting" and not importing.  Anyway, what is the procedure for "storing  the issuer certificate in the database"?

I have tried simply importing the root CA and it shows up in the certificate list for the SSL PSE, but I'm not sure this is correct, because the issue persists.

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-01-2013 1:53 AM
0 Kudos

Thanks for the responses.  

I read note 1468249 , and I attempted this before.  (I did not post about it).  When I do this, I do not get an error.  But nothing actually happens.  No positive response, not negative response.  No certificates show up in the certificate list.  It just seems to do nothing.

Samuli>  I tried that, as I indicated in my original post.  I get the error even with the root CA imported.

Show replies
Show replies
Former Member
‎08-01-2013 2:22 PM
0 Kudos

You need to import both the self-signed certificate response and the root CA used to sign the certificate request at the same time, before pressing save. You can also use sapgenpse with the -r option if you prefer.

Answers (3)

Answers (3)

Former Member
‎08-01-2013 7:31 PM
0 Kudos

Samuli>

You are correct.  I have never done this, so some of this is expectation management.

First, I did finally figure out how to get the root CA entered into the certificate database.

"Export" is a crazy word. But really, you "Import the certificate" onto the screen.

Then you "Export" it into the database.  Once I did this, the certificate response was accepted.

Here's the thing I learned, and like I said: This is because I have never done this before.

When pasting the certificate response and accepting it there is NO feedback from the interface.

There is no success message, no screen change. Nothing happens to confirm it was accepted.

Once you save then you get a successful save message and this works.

I was doing this with my CA and the response in one file and it was working.  But because of the lack of response from the screen, I did not know it was working.

So thanks for all the help and clarity. To make matters worse, I accidentally had icm/HTTPS/verify_client set to 2. oops.

Show replies
Show replies
Former Member
‎08-01-2013 10:26 PM
0 Kudos

I have had my own headaches with STRUST, for anything more than the routine tasks I prefer to use sapgenpse.

Former Member
‎07-31-2013 11:15 PM
0 Kudos

Just import the root CA you used to sign the certificate request.

Show replies
Show replies
Sriram2009
Active Contributor
‎07-31-2013 10:23 PM
0 Kudos

Hi Jason

Kindly go thru SAP notes

1468249  - STRUST: Error TRUST057 "CA certificate is missing on database". Import of certificate response not possible


Note 508307 - Trust Manager: Problems importing certificate responses

Thanks

Ram

Show replies
Show replies
Ask a Question