on 12-10-2014 12:27 PM
Hello Friends,
In our landscape we need to renew SSL server certificates for reasons other than validity expiration.
we have Enterprise portal 701 on windows server 2008 which has back end SAP CRM ABAP 7.0 which is on RHEL 5.7.
We are also using SAP Webdispatcher on Windows 2008 and the Apache 2,4 on the same server which is used to rewrite URLs.
We have followed the steps to renew our SSL cert which is also described in the SAP note:
1770585 - How to configure SSL on the AS Java
Verisgin CA is being used to sign the server certificate. So we have to import the intermediate/root certificate as well as per the below SAP note:
694290 - SAP J2EE: react on expiration of VeriSign CA certificates
My question is, this note (694290) is very old(2004) and it says it is valid for SAP J2EE Server 6.20 and SAP J2EE Server 6.40.
We have 7.01 SP7 SAP J2EE in our portal.
Can you please share your thought?
Thanks,
Rakesh
That should work.
The difference came from 6.20 and should be same for above version too.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Divyanshu,
There is few points from the note that I would like to be clear about.,
I have already received the CA signed server certificate and imported in the Visual admin-->key storage-->TrustedCAs(view)> server(Keystore entry of SSL server certificate)
We have two entries one is server(key) and server-cert(.crt).
As I understand ,I can delete the private key(server(key)) from the view.
And rename the certificate from server-crt to sever(.crt)
Now I have to follow the SAP note to import the verisign intermediate and root certificate.
If I follow the above steps,I will export as per #6 by selecting my ken entry(server) to server.p8 and the chain cert #1 .
And When I delete my entry as per #8 and relaod as per #9a ,
what am I importing? my private key or the server certificate?
Server ->Intermediate-->Root
so will I ended with just one entry (server) which will have all the three certificates?
Thanks,
Rakesh
Hello Rakesh
The section "Apply to SAP J2EE Server 6.30" also applies to systems that are released afterwards and with Visual Admin. For newer releases of J2EE systems there is no Visaul Admin and in that case NWA should be used. In your case the steps described under "Apply to SAP J2EE Server 6.30" should be the one.
Reagan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Rakesh
I have never done VeriSign CA certificate renewal so I cannot be sure with it but I would perform the steps mentioned in the SAP note on a test system and see how it goes before I implement it on the production. The note looks pretty straight forward and if you have all the files downloaded and required in the steps mentioned you should just follow it but if you need to be absolutely sure about it then check with the SAP support through an OSS message.
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.