cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO v3.0 and ADCS Test Remote CA

Go to solution
Former Member

on ‎08-25-2016 1:50 PM

0 Kudos

We have setup an SSO v3.0 server to test the ADCS connection.

Initially we had an issue with the "Test Remote CA" failing with a 404 error. After looking at the logs, this turned out to be because SLS is automatically appending /certsrv to the URL we are using. Removing /certsrv from the destination URL resolved the 404 error.

However the test now fails with another error:

com.sap.securelogin.library.core.CertificateManagerException: iaik.asn1.DerInputException: Next ASN.1 object is no SEQUENCE!


Very helpful...


Nothing found in the SAP logs helped so I asked the AD admin to check the event log. They found errors indicating that the certificate request minimum key size is the issue. The ADCS is set to 2048.


Reading the reply to another post, there is a step in the ADCS setup to:


Check that "Cryptography > Minimum key size" fits to your SLS profiles.


So I checked the profiles and cannot find a setting to change the key size when using a remote CA.


So the question is how do we set the key size used by the Test Remote CA?


JB



Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member200373
Participant
‎08-25-2016 3:00 PM
0 Kudos

John,

good point... the key size of our current "Remote CA Test" implementation is 1024bit. Not that good choice, I have to admit.

As already said in Connecting SLS to Remote CA (CES/CEP) | SCN, we are planning some improvements for SP01, and I think this should be one of those.

Thanks for your patience.

-- Stephan

Show replies
Show replies

Answers (1)

Answers (1)

WaldemarBrill
Explorer
‎11-18-2020 7:20 AM
0 Kudos

Hello together,

we are using the newest version (3.0 SP02 PL10) and got the same error ("Next ASN.1 object is no SEQUENCE!"). After changing the key size for template "SecureLoginServerUser" to 1024 on the ADCS the error was gone.

Conclusion is that the "Remote CA Test" implementation is still (4 years later) using a low key size and I do not see any way on how this can be configured on your own.

Regards

Waldemar

Show replies
Show replies
Ask a Question