cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

importing digicert SSL Certificate error

Go to solution
Former Member

on ‎12-01-2014 11:07 AM

0 Kudos

Hi Experts,

Currently our SSL Certificate of SAP Webdispatcher already expired, and i try to renew the certificates, and here the step i have done :

1.set SECUDIR environment variable



setenv SECUDIR /home/wdpadm/sec

2.generate PSE and CSR files



sapgenpse get_pse -p SAPSSLS.pse -x psepin -r webdisp.req "CN=company.co.uk, OU=my company, O=company name L=London , SP=London, C=UK"

3. Send webdisp.req file to CA (digicert)

4. After downloading generated certificate, i receive three certificate file



- TrustedRoot.cer


- DigiCertCA2.cer


- star_company_co_uk.cer

5. Upload certificate to server (with ftp client) under directory /home/wdpadm/sec where the PSE and CSR file generated previously

6. Importing certificate 



sapgenpse import_own_cert -c star_company_co_uk.cer -p SAPSSLS.pse -x psepin

   But there is error message :



import_own_cert: Installation of certificate failed


ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public key found

 

7. i try combination certificate with other certificate i received, but resulting the same error



sapgenpse import_own_cert -c star_company_co_uk.cer -p SAPSSLS.pse -x psepin -r DigiCertCA2.cer

   

is there some step that i miss? appreciates for every reply.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-01-2014 4:20 PM
0 Kudos

Hello

The error message means that you are trying to import a certificate response that was not created from the current PSE. It seems that the key pair from the PSE was changed, so it is not possible to import the certificate response.

You need to create the CSR in the PSE, otherwise it is not possible to use it for SSL purposes in the web dispatcher.

Regards.

Show replies
Show replies
Former Member
‎12-02-2014 7:46 AM
0 Kudos

Hi Tapan,

Thanks for Replying.

after your reply i try to regenerate CSR and PSE files with

sapgenpse get_pse -p SAPSSLS.pse -x psepin -r webdisp.req "CN=company.co.uk, OU=my company, O=company name L=London , SP=London, C=UK"


After that i import all certificate together at once


sapgenpse import_own_cert -c star_company_co_uk.cer -r TrustedRoot.cer -r DigiCertCA2.cer -p SAPSSLS.pse -x psepin

then continue with creating security login for user <sid>adm and restart the application service.

and here are some helpful link related with SSL setup

Installation of SAP Web Dispatcher and SSL Setup (updated and corrected) - Basis Corner - SCN Wiki

Creating a PSE for the Server Using SAPGENPSE - Network and Transport Layer Security - SAP Library

http://help.sap.com/saphelp_47x200/helpdata/en/7c/f3d02c3b5e234e8ab2d43d9fd48d29/content.htm

Creating the Server's Credentials Using SAPGENPSE - Network and Transport Layer Security - SAP Libra...

Regards,

Firman


Answers (0)

Ask a Question