cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SHA-256 with 2048

Go to solution
former_member184680
Participant

on ‎04-19-2015 9:45 PM

0 Kudos

Hi,

I need to create in AS ABAP and AS JAVA valid SSL certificates with "RSA with SHA-256" signing algorithm and 2048 bit encryption. In AS ABAP in transaction STRUSTSSO2 I'm able to choose "RSA with SHA-256" and "2048 bit" encryption, but the certificate information shows "RSA with SHA-1". In AS JAVA I'm able to set the encryption to "2048" by typing it manually in the field but there is no way to set the algorythm to "RSA with SHA-256". SAP Kernel 7.21 EXT Patch 402 and SAP Cryptolib 8434 are already installed.

Any ideas?

Thanks

Patrick

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member185954
Active Contributor
‎04-20-2015 10:20 AM
0 Kudos

Hello Patrick,

Check the following SAP notes


1739681 - Kernel: Support creation of RSA-PSEs with SHA-256



1689776 - SAPCRYPTOLIB 555pl34: bugfixes, AES-NI support


Regards,

Siddhesh

Show replies
Show replies
former_member185954
Active Contributor
‎04-20-2015 10:59 AM
0 Kudos

Hello Patrick,

Found another note:

1856192 - Support creation of RSA PSEs > 2048bit out of STRUST



Regards,

Siddhesh

former_member184680
Participant
‎04-20-2015 11:37 AM
0 Kudos

Hello Siddhesh,

many thanks. It looks like the information shown in STRUSTSSO2 is not right. The certificate ist RSA with SHA-256 and 2048 bit. The problem ist the Java stack. There is no option for "SHA-256".

Do you have any informations about generating a csr without opensl or sapgenpse in visual admin?

Regards,

Patrick

former_member185954
Active Contributor
‎04-20-2015 12:21 PM
0 Kudos

Hello Patrick,

My honest answer would be that I don't know how its decided. But I think, it could be down to Cipher Suites defined for your SSL Service provider.

I got this clue from the blog:

Have a look at the following link:

Managing the Credentials and Trusted Certificates to Use SSL - SAP NetWeaver by Key Capability - SAP...

Try changing the priority of the Cipher suites in SSL Provider and let everyone know if it works.

Also,

Steps using Visual Admin are found here

Regards,

Siddhesh

Answers (1)

Answers (1)

cathal_ohare
Employee
Employee
‎04-20-2015 1:43 PM
0 Kudos

Hi All,

Although the java stack does support certificates with SHA-256, it just can't create certificates with this algorithm.

However it's possible to create to import a keypair generated in some other way, e.g openssl, sapgenpse with the algorithm desired and then import it into the key staorage of the java system.

Kind regards,
Cathal

Show replies
Show replies
Ask a Question