on 04-15-2016 5:17 PM
I'm trying to set-up SSL for our ABAP stacks (only used within our network). I generated a certificate request as per SAP Help and forwarded the file to our web team who attempted to create a certificate using Windows "certutil". Unfortunately that failed with "Denied by Policy Module", and after some investigation my colleague told me it was because the request was missing an "Enhanced Key Usage" parameter of "Server Authentication".
I can't work out where I might be able to set this. Can anyone help with this please?
Hello Richard,
Could you clarify about the SAPCRYPTOLIB (or CommonCryptoLib) version and patch level you have used?
Is it possible to have the result from command:
sapgenpse get_my_name -p <PSENAME.pse> -v -v 2>&1
executed via report RSBDCOS0 ? (replace <PSENAME.pse> for the actual PSE you are configuring via STRUST).
Kind regards,
Cris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Richard,
I realized that he Extended Key Usage from my certificate was added by the CA. The actual certificate response does not contain the "Server Authentication".
You can try the other way round: create a P12 (PKCS#12 package) file in Windows, so you can add all the Extended Key Usage you need, then convert P12 to PSE using sapgenpse. The new PSE can then be imported via STRUST.
Kind regards,
Cris
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.