cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL certificate renewal

Go to solution
Former Member

on ‎12-10-2014 12:27 PM

0 Kudos

Hello Friends,

In our landscape we need to renew SSL server certificates for reasons other than validity expiration.

we have Enterprise portal 701 on windows server 2008 which has back end SAP  CRM  ABAP 7.0 which is on RHEL 5.7.

We are also using SAP Webdispatcher on Windows 2008 and the Apache 2,4 on the same server which is used to rewrite URLs.

We have followed the steps to renew our SSL cert which is also described in the SAP note:

1770585 - How to configure SSL on the AS Java

Verisgin CA is being used to sign the server certificate. So we have to import the intermediate/root certificate as well as per the below SAP note:

694290 - SAP J2EE: react on expiration of VeriSign CA certificates

My question  is, this note (694290) is very old(2004) and it says it is valid for SAP J2EE Server 6.20 and SAP J2EE Server 6.40.

We have  7.01 SP7 SAP J2EE in our portal.

Can you please share your thought?

Thanks,

Rakesh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

divyanshu_srivastava3
Active Contributor
‎12-10-2014 12:32 PM
0 Kudos

That should work.

The difference came from 6.20 and should be same for above version too.

Regards,

Show replies
Show replies
Former Member
‎12-10-2014 2:35 PM
0 Kudos

Thanks Divyanshu,

There is few points from the note that I would like to be clear about.,

I have already received the CA signed server certificate and imported in the Visual admin-->key storage-->TrustedCAs(view)> server(Keystore entry of SSL server certificate)

We have two entries one is server(key) and server-cert(.crt).

As I understand ,I can delete the private key(server(key)) from the view.

And rename the  certificate from server-crt to sever(.crt)

Now I have to follow the SAP note to import the verisign intermediate and root certificate.

If I follow the above steps,I will export as per #6 by selecting my ken entry(server) to server.p8 and the chain cert #1 .

And When I delete my entry as per #8  and relaod as per #9a ,

what am I importing? my private key or the server certificate?

Server ->Intermediate-->Root

so will I ended with just one entry (server) which will have all the three certificates?

Thanks,

Rakesh

Answers (1)

Answers (1)

Reagan
Advisor
Advisor
‎12-10-2014 2:57 PM
0 Kudos

Hello Rakesh

The section "Apply to SAP J2EE Server 6.30" also applies to systems that are released afterwards and with Visual Admin. For newer releases of J2EE systems there is no Visaul Admin and in that case NWA should be used. In your case the steps described under "Apply to SAP J2EE Server 6.30" should be the one.

Reagan

Show replies
Show replies
Former Member
‎12-10-2014 3:12 PM
0 Kudos

Thanks Reagan for confirming that!

Can I just delete my private key after importing CSR response?

And then apply SAP note:

694290 - SAP J2EE: react on expiration of VeriSign CA certificates



Regards,

Rakesh

Reagan
Advisor
Advisor
‎12-10-2014 3:40 PM
0 Kudos

Hello Rakesh

I have never done VeriSign CA certificate renewal so I cannot be sure with it but I would perform the steps mentioned in the SAP note on a test system and see how it goes before I implement it on the production. The note looks pretty straight forward and if you have all the files downloaded and required in the steps mentioned you should just follow it but if you need to be absolutely sure about it then check with the SAP support through an OSS message.

Former Member
‎12-10-2014 4:12 PM
0 Kudos

Thanks Reagan!

I have already asked SAP through OSS , should wait for the reply.

Ask a Question