Application Development Discussions

SSL

Former Member
0 Kudos

Hi,

we have a fully trusted SSL certificate on both the ABAP and J2EE listeners for the XI systems. As an example, on abc. Accessing the J2EE stack https://abc.com:50001/index.html we have already generated a self-signed certificate registered to abc.com. I have subsequently had the related CSR sent to a trust authority and paid for the CSR to be signed. Hence, I have a fully trusted, valid certificate with a CN=abc.com.

How to export to ABAP stack?

I am unable to export the signed certificate from the J2EE stack and import it into the ABAP stack.

Error: CA certificate missing in database

"ABAP stack for https://abc.com:40001"

Regards

Ben

1 ACCEPTED SOLUTION

0 Kudos

Hi Ben,

have you already copied the private key from the J2EE engine to the ABAP stack? If not, you need to do that first (export from J2EE as PKCS#12, convert PKCS#12 to PSE using sapgenpse, import PSE to STRUST). In this case you get both the private key and the signed certificate, and you are done.

If you have already copied the private key, you need to import the root certificate of the trust authority into STRUST (menu Certificate -> Import -> File) and then save it to the database (menu Certificate -> Export -> Database). After that, you can import the signed certificate into the ABAP stack.

Best regards,

Klaus

8 REPLIES 8

0 Kudos

Hi Klaus,

Thank you very much.

Could you please explain more about copying the private key from the J2EE engine and how to use sapgenpse?

While exporting to the database, what are the parameters?

Trust Center?

Category?

Regards

Ben

0 Kudos

Hi Ben,

in order to export the private key (and the certificate) from the J2EE Engine, go to the keystore service and export the corresponding entry as PKCS#12 file. Then call sapgenpse (which you have downloaded with SAPCryptolib) with command import_p12 (sapgenpse import_p12 will display a help text) in order to create a PSE file. If you wish to store the root certificate of the trust center to the database of STRUST, choose as Trust Center any short name starting with Y or Z and as category Server CA.

Best regards,

Klaus

0 Kudos

Hi Klaus,

I got the following error.

sapgenpse import_p12 -p SAPSSLS.pse z_test6.p12,.pfx

import_p12: ERROR -- MISSING password for PKCS#12 file "z_test6.p12,.pfx"

Please enter PKCS#12 encryption password: ******

ERROR: Incomplete certification path -- NEED certificate of "OU=Equifax Secure Certificate Authority, O=Equifax, C=US"!

Regards

Radha

0 Kudos

Hi Radha,

I guess you need to store the certificate "OU=Equifax Secure Certificate Authority, O=Equifax, C=US" to a file and provide it to sapgenpse import_p12 using the -r option: sapgenpse import_p12 -r <certfile> -p SAPSSLS.pse z_test6.p12,.pfx

Best regards,

Klaus
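
The "Incomplete certification path" error above can be checked for before running sapgenpse import_p12. This is an added example, not part of the original thread: it lists every issuer named in the PKCS#12 bundle whose own certificate is not in the bundle, which are the certificates to obtain and pass with -r. The function names, the sample text and "Example Corp" are constructed for illustration; it assumes the OpenSSL command-line tool is available.

```shell
#!/bin/sh
# Added example (not from the thread): find CA certificates missing from a
# PKCS#12 bundle by comparing the subject= and issuer= lines that
# `openssl pkcs12 -nokeys` prints for each certificate it contains.

# Reads that text output on stdin and prints each issuer DN that never
# appears as a subject DN. A self-signed root satisfies itself.
missing_issuers() {
    awk '
        /^subject=/ { s = $0; sub(/^subject= */, "", s); have[s] = 1 }
        /^issuer=/  { i = $0; sub(/^issuer= */,  "", i); need[i] = 1 }
        END { for (i in need) if (!(i in have)) print i }
    ' | sort
}

# Convenience wrapper for a real file; openssl prompts for the
# PKCS#12 import password on the terminal.
check_p12() {
    openssl pkcs12 -in "$1" -nokeys | missing_issuers
}

# Constructed sample of the openssl output for a bundle that holds only
# the server certificate (certificate body omitted).
sample_output() {
cat <<'EOF'
Bag Attributes
    friendlyName: ssl-credentials
subject=C = US, O = Example Corp, CN = abc.com
issuer=C = US, O = Equifax, OU = Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
(constructed sample, body omitted)
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed sample: prints the DN of the missing CA.
sample_output | missing_issuers
```

An empty result means every issuer in the bundle is also present as a subject, so the chain inside the file is complete up to a self-signed root.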

0 Kudos

Hi Klaus,

I am able to create SAPSSLS.pse and I exported it to the database.

Trust center: ZABC

Certificate Category: SERV

Still the same problem: CA certificate missing in database

Regards

Ben

0 Kudos

Hi Ben,

don't save the PSE in the database - you might save the certificate "OU=Equifax Secure Certificate Authority, O=Equifax, C=US" in the database. Load the SAPSSLS.pse into STRUST by choosing PSE -> Import from the menu and save it as SSL Server.

Best regards,

Klaus

0 Kudos

Hi Klaus,

Thank you very much.

Regards

Ben