on 04-16-2015 10:02 PM
Hi Folks,
I'm trying to follow the documentation for setting up V8, but I'm hitting a slight snag when dealing with the SSL configuration.
Looking at the documentation, SAP Identity Management Installation Guide - SAP Library and Adding New SSL Access Points - Network and Transport Layer Security - SAP Library, I'm told to open a port, but I don't know which one to open. Is this an arbitrary number or am I supposed to choose a specific value?
Thanks,
Matt
Hi Matt,
SSL configuration is very easy in IDM 8.
Please follow these steps:
1. Enable SSL and create a self-signed certificate in NWA > Configuration > Security > SSL on port 50001 or any other port you wish to use.
2. Then click Export Entry on your certificate and copy it into c:\program files\java\java version\lib\security\ (please check the Windows Java environment for the correct Java path).
3. Export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy it into c:\program files\java\java version\lib\security\
4. Then use this command to add all certificates into the Java cacerts:
keytool -import -alias my_ssl_cert -file certificate_name.crt -keystore cacerts
Then open Developer Studio and configure port 50001.
Regards,
Mohinder
Hi Matt,
You could try this for point #1:
Configuring the Use of SSL on the AS Java - Network and Transport Layer Security - SAP Library
Kind Regards,
Rali
SAP Identity Management Development
6. Select the instance and push the Edit button and then browse the SSL Library and Ticket file.
7. In SSL Access Points section, choose the Add pushbutton.
8. Enter the number of the port (e.g. 50001)
9. Select the Protocol (e.g. HTTPS)
10. Select the keystore view (e.g. Instance Default)
11. Select the Client Authentication Mode (e.g. Request)
12. Finally, push the SAVE button to save all the configuration objects and restart the ICM for the changes to take effect.
13. Open a web browser and enter the URL below: https://<j2ee_host_name>:<ICM_https_port>
Hi Matt,
The SAPCrypto library should be part of your default AS Java installation, so it's only necessary to download it if you have a very old version. Check your version using the sapgenpse tool.
It should be Version 8.x.x.
Go to NWA --> Configuration --> SSL and choose a port that you want to use e.g. 443, 50001, etc,
choose the required Client Authentication Mode (e.g. Request) and enable SSL by browsing to the ticket file.
If you have a Certificate Authority use this to issue the certificate instead of a self-signed certificate.
The private key of the server certificate should be imported in the Server Identity section and the issuer certificate should then be imported in the Trusted CAs section.
Restart the AS Java Instance (ICM) and test the SSL connection.
Regards,
Ridouan
Hi Ridouan & Matt, do you need SSL for Eclipse to access Identity Center? Per documentation, we should be allowed to access the same over 50000 as well, right?
Did you make any progress with your SSL and are you able to get to the IC? FYI, my SSL is green; however, when I authenticate over 50001 I get the message: "Login failed: Unrecognized SS message" and below is the log:
Any help appreciated! Thanks
Prashanth
5155081696
Please follow these steps now
3. Export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy it into c:\program files\java\java version\lib\security\
4. Then use this command to add all certificates into the Java cacerts:
keytool -import -alias my_ssl_cert -file certificate_name.crt -keystore cacerts
After that the error will be gone.
Hi Experts
Can you please help me with this SSL certificate problem?
I followed all the steps as per the documentation but I’m still getting this error.
The error is LOGIN FAILED: unrecognized ssl service.
I’m using JRE 1.8, Eclipse Kepler 4.5 and SAP IDM 8.0.11.
Steps I followed:
STEP 1 : Add path to eclipse.ini file
STEP 2 : Copy ssl-credentials-cert1.crt. Download the ssl-credentials-cert1.crt file and copy it to C:\Program Files\Java\jre7\lib\security\
STEP 3: Command Prompt Run as administrator
STEP 4 : Goto JAVA path
cd C:\Program Files\Java\jre7\bin
STEP 5 : Delete ssl cert if exists
STEP 6 : Import SSL
cert1.crt -keystore ..\lib\security\cacerts
Then the "certificate was exported to keystore" message was displayed in the command prompt.
STEP 7 : Launch Eclipse.exe
STEP 8 : Remaining configuration of SAP IDM
Application server, port, datasource and then log in with the credentials.
Thanks,
Anurag Kulkarni
Hi,
You can verify which Java version Eclipse is using in the configuration tab.
Help --> About Eclipse --> Installation Details --> Configuration.
Please try the following:
..\\jre1.7.x_xx\lib\security>..\..\bin\keytool.exe -import -alias <hostname> -Keystore cacerts -file "hostname.crt"
Check your SSL connection in the browser.
Check the SSL service is up and running.
Check your server (AS Java) firewall and ports.
Good luck!
Regards,
Ridouan
Hi Ridouan Taibi,
I have imported the certificate in the keystore
keytool.exe -import -alias my_ssl_cert -file ..\lib\security\ssl-credentials-cert1.crt -keystore ..\lib\security\cacerts
1. Check your SSL connection in the browser???
It's saying your connection is not private
The identity of this website is not verified
server certificate does not match the url
server certificate is not trusted
=> In my browser it shows me a different certificate; it's not taking the certificate my_ssl_cert from my keystore, which I have installed using the keytool utility.
2. How to check the SSL service is up and running???
3. How to check your server firewall and ports???
Hi,
1- As Ole pointed out, the certificate DN should match your server name (don't use localhost).
Here are some keytool commands: The Most Common Java Keytool Keystore Commands
Please review your my_ssl_cert certificate and ensure the DN matches your AS Java host.
You can also double-click the certificate and look for Subject Alternative Name in the details tab.
2- This is the idmdevstudio service that you have deployed together with the app, model and workflow.
3- Ask a basis resource or disable the firewall if you have a standalone installation.
Regards,
Ridouan
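Two checks that come up in this thread, as an added example that is not part of any of the posts above: whether the port is actually answering in TLS (a Java client's "Unrecognized SSL message" error usually means the reply was cleartext), and whether the certificate's names cover the host name the client connects to. The sample bytes, the certificate dictionaries and the host name idm01.example.test are constructed, and the matching rule (SAN DNS entries first, subject CN only when there are none) is the common convention, assumed here rather than taken from SAP documentation.

```python
# Added example; all sample values below are constructed.

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    # A TLS record starts with a content type (20-23) and major version 3.
    if len(data) >= 3 and data[0] in (20, 21, 22, 23) and data[1] == 3:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plain-http"  # cleartext listener: wrong port or SSL not enabled
    return "unknown"


def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name; '*' is allowed only as the first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches_host(cert: dict, host: str) -> bool:
    """cert has the shape returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:  # SAN entries present: the subject CN is ignored
        return any(dns_name_matches(s, host) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(dns_name_matches(c, host) for c in cns)


# Constructed certificates: a self-signed one issued to "localhost" and a
# CA-issued one whose SAN lists the real host name.
SELF_SIGNED = {"subject": ((("commonName", "localhost"),),)}
CA_ISSUED = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "idm01.example.test"),
                       ("DNS", "*.corp.example.test")),
}

if __name__ == "__main__":
    host = "idm01.example.test"
    print(classify_first_bytes(b"HTTP/1.1 400 Bad Request\r\n"))
    print(cert_matches_host(SELF_SIGNED, host), cert_matches_host(CA_ISSUED, host))
```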
Hi Matt,
For SSL the port setting is required along with the certificate configuration in both NetWeaver Developer Studio Java and also in the Java server running the IDM. Hope the one below helps for NW Developer Studio:
http://help.sap.com/saphelp_nwidmic_80/helpdata/en/34/d1449be534416d9f800f3c91278c67/frameset.htm
Regards,
Karthik
Hello Matt,
Have you tried the default port for SSL (HTTPS), 443 (which is mentioned in the documentation)?
Regards,
Steffi.