on 08-27-2015 6:50 PM
Hi community
we have next SAP System:
Today SAP Logon is showing next message:
Validity of certificate with PSE type >server SSL< ends in 2 days
I know this is because a certificate will expire soon however I have some doubts about the process to generate a new certificate.
If I go to tcode strust I can see next screenshot:
I was expecting find the current SSL certificate however I can't see nothing.
If I execute the report: "SSF_ALERT_CERTEXPIRE"
I see next screenshot:
So I'm not sure which is the certificate that I have to replace and what could be the correct steps
thanks in advance.
best regards
Hello Alfredo,
Which is the value of your SECUDIR environment variable? Please, check in this folder (the SECUDIR folder) if you have any PSE rather than SAPSYS.pse... if you have SAPSSL* pses, then it is probably these pses that have the certificate expired but they're not maintained in STRUST.
You can also double check in table SSF_PSE_H if you have any SAPSSL* pse there as well.
I hope this guides you.
Best Regards,
Guilherme de Oliveira
SAP Active Global Support
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks Guilherme
I have checked the SECUDIR folder and you have reason I have next files:
cred_v2
LasVerify.pse
OLDSAPSSLS.pse
SAP_AGS_OLCNT_VERIFY.pse
SAPSSLS.pse
SAPSYS.pse
ticket
and in SSF_PSE_H table I have just two entries
SAP_AGS_OLCNT_VERIFY.pse
SAPSYS.pse
so where I could generate the new cert request for SAPSSLS.pse?
best regards
Hello Alfredo,
Now you can either backup this SAPSSLS.pse in another folder and create a new one via STRUST or you can import this PSE file in STRUST, save it as SSL Server PSE and then renew the certificate from STRUST itself.
Notice that this does not mean that the certificate of PSE is about to expire, it can also be any certificate imported in the Certificate List of the PSE as well.
I hope this clarifies.
Best Regards,
Guilherme de Oliveira
SAP Active Global Support
Thanks a lot Guillherme it worked
now I have one doubt more, we have two instances in High Avalaibility, so we have two secudir folders each one in respective Server and path and each one has a SSL.PSE referenced to the name of server node.
but strust just allow load one cert if I try load the second the other is substituted,
do you have any idea?
best regards
Hello Alfredo,
I'm not sure if I correctly understood your question... By load the certificate you mean the PSE's certificate (importing a certificate response) or you mean importing a certificate into the PSE's Certificate List?
Notice that if you want to load different signed CN names for different instances, then the CA-signed certificate responses must be different as well.
I'll be waiting for more information to be able to provide you a better answer.
Best Regards,
Guilherme de Oliveira
SAP Active Global Support
Hi Alfredo,
Please check the certificate details in STRUSTSSO2.
Regards,
Deepak Kori
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deepak
tcode STRUSTSSO2 looks very similar to the STRUST, but in both cases I can't see what is the certificate that I have to change,
the message of error said that the type is:
SSL Server
however STRUST or STRUSTSSO2 "SSL Server Standard" does't have a current certificate,
where I should generate the cert request to substitute the other one?
best regards
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.