on 12-01-2014 11:07 AM
Hi Experts,
Currently our SSL Certificate of SAP Webdispatcher already expired, and i try to renew the certificates, and here the step i have done :
1.set SECUDIR environment variable
setenv SECUDIR /home/wdpadm/sec
2.generate PSE and CSR files
sapgenpse get_pse -p SAPSSLS.pse -x psepin -r webdisp.req "CN=company.co.uk, OU=my company, O=company name L=London , SP=London, C=UK"
3. Send webdisp.req file to CA (digicert)
4. After downloading generated certificate, i receive three certificate file
- TrustedRoot.cer
- DigiCertCA2.cer
- star_company_co_uk.cer
5. Upload certificate to server (with ftp client) under directory /home/wdpadm/sec where the PSE and CSR file generated previously
6. Importing certificate
sapgenpse import_own_cert -c star_company_co_uk.cer -p SAPSSLS.pse -x psepin
But there is error message :
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public key found
7. i try combination certificate with other certificate i received, but resulting the same error
sapgenpse import_own_cert -c star_company_co_uk.cer -p SAPSSLS.pse -x psepin -r DigiCertCA2.cer
is there some step that i miss? appreciates for every reply.
Hello
The error message means that you are trying to import a certificate response that was not created from the current PSE. It seems that the key pair from the PSE was changed, so it is not possible to import the certificate response.
You need to create the CSR in the PSE, otherwise it is not possible to use it for SSL purposes in the web dispatcher.
Regards.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tapan,
Thanks for Replying.
after your reply i try to regenerate CSR and PSE files with
sapgenpse get_pse -p SAPSSLS.pse -x psepin -r webdisp.req "CN=company.co.uk, OU=my company, O=company name L=London , SP=London, C=UK"
After that i import all certificate together at once
sapgenpse import_own_cert -c star_company_co_uk.cer -r TrustedRoot.cer -r DigiCertCA2.cer -p SAPSSLS.pse -x psepin
then continue with creating security login for user <sid>adm and restart the application service.
and here are some helpful link related with SSL setup
Installation of SAP Web Dispatcher and SSL Setup (updated and corrected) - Basis Corner - SCN Wiki
Creating a PSE for the Server Using SAPGENPSE - Network and Transport Layer Security - SAP Library
http://help.sap.com/saphelp_47x200/helpdata/en/7c/f3d02c3b5e234e8ab2d43d9fd48d29/content.htm
Regards,
Firman
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.