on 03-28-2016 5:03 PM
Hello,
Can we use SAN ( SubjectAltName ) certificate to attach more than one generated PSE certificates to Root CA?
Currently we have a SAN certificate registered with CN=xxx.domain.com and we were able to import it as a CSR response to SAP Java stack system on the same hostname CN=xxx.domain.com.
Now I need to register another SAP ABAP system with CN=yyy.domain.com. Certificate in root CA is registered and yyy.domain.com added so certificate`s Alt Subject.
It looks like this:
Subject: CN=xxx.domain.com, OU=Domain Control Validated
Subject (Alt.): dNSName=yyy.domain.com
However if I try to apply this certificate response in STRUST transaction I get error: Certificate response does not match PSE. Root CA is imported in to STRUST database.
So my question is can such certificates be used for ABAP/JAVA SAP systems and in SAP Host Agents?
Many thanks for responses!
Mike
Hello Mike,
Each time you generate a certificate request you have to sign this specific request in order to import its specific response.
You cannot generate a request and then import another response you already have signed previously.
This is how certificates work in general, not restricted to SAP software.
Cheers!
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mike,
If you have a PKCS#12 package with your SAN certificates, then you can use sapgenpse and convert it into a PSE file.
if you don't have such package, then what Isaías mentioned is true - you need to import the response that was created based on your request (otherwise the key pair will not match).
Kind regards,
Cris
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.