on 01-03-2008 6:49 PM
We did a refresh of our QA ECC system from Production. Our QA server is configured for SSL. However, after the refresh, the VeriSign certificates cannot be imported again to the QA system.
Should there have been a task done before the refresh to be able to restore the certificate response and request?
Hi Alan,
As Olivier mentioned, you can dump the old certificate and create a new one in STRUSTSSO2 or STRUST; just right click on "System PSE" and delete, replace or create a new one.
Regards
Juan
Hello,
Replacing the PSE is not the issue. The issue is, when generating the correct PSE after the refresh of production to QAS, that the "signed" certificates that you get from a CA when you generate a request are no longer valid.
So the question is, how do you avoid, go around, or handle this type of situation when your QAS system is SSL configured?
Hello,
In fact, it seems very logical to me.
When you regenerate the SSL Server PSE, you create new private and public keys.
As the CA certificate signs the previous key pair, it is not valid anymore!
I guess the solution is to export your SSL server PSE as a file prior to the refresh and to reimport it after the refresh.
I never did it so you'll have to experiment for your next refresh.
For this one, I think your only solution is to buy a new certificate from the CA.
The problem is that, contrary to the web dispatcher, the PSE is in the database.
I did not have the problem because we buy CA certificates only for the production systems.
Regards,
Olivier
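The key-pair binding described in the reply above can be checked directly. This is an added example, not part of the original thread: it compares the public key inside a CA certificate response with the public key inside a certificate request. It assumes the `openssl` CLI is available and that both files are PEM (a PKCS#10 request and a single X.509 certificate); the file names and the host name `qas.example.invalid` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a CA certificate response
# was issued for the key pair behind a given certificate request.
# Assumption: both files are PEM; the response is a single X.509 certificate.

# Exit status: 0 = same public key, 1 = different key, 2 = file unreadable.
response_matches_request() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_key" ] && [ -n "$csr_key" ] || return 2
    [ "$cert_key" = "$csr_key" ]
}

# Build constructed sample files in directory $1:
#   old.csr / old.crt  key pair that existed before the refresh
#   new.csr            request from a PSE regenerated after the refresh
# old.crt is self-signed here as a stand-in for the CA response; only the
# public key inside it matters for the comparison.
make_samples() {
    d=$1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/old.key" -subj "/CN=qas.example.invalid" -out "$d/old.csr" &&
    openssl req -new -key "$d/new.key" -subj "/CN=qas.example.invalid" -out "$d/new.csr" &&
    openssl req -x509 -key "$d/old.key" -subj "/CN=qas.example.invalid" -days 1 -out "$d/old.crt"
}

# Report the result in words; $1 = certificate response, $2 = request.
explain() {
    response_matches_request "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "match: response was issued for this request's key pair" ;;
        1) echo "mismatch: response was issued for a different key pair" ;;
        *) echo "error: could not read certificate or request" ;;
    esac
}

# Run as "sh script.sh demo" to see both outcomes on the constructed samples.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_samples "$tmp" &&
    explain "$tmp/old.crt" "$tmp/old.csr" &&
    explain "$tmp/old.crt" "$tmp/new.csr"
    rm -rf "$tmp"
fi
```

A mismatch against the request generated after the refresh means the old CA response belongs to the earlier key pair, which is the situation this thread describes.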
How did you succeed in importing the PSE file?
We have tried to import a previous exported PSE file (for the "Server SSL").
We start transaction STRUST and use the function: PSE --> Import
After the import of the file, its DN is shown in the "own certificate" part of the screen, but it does not create the "SSL Server" directory icon in the left side of the screen.
So if transaction STRUST is left and started again - no "SSL Server" PSE exists.
BR
Tom
Hi,
Great that you could re import the SSL certificate after a system refresh.
We are facing the same problem, and can you please elaborate on how exactly you have reimported the SSL certificate?
1. Did you do it at the UNIX level using sapgenpse?
2. Or, did you do it from STRUST?
Any kind of information is greatly appreciated.
Thanks,
Nag.
Hi,
We resolved the issue by importing the SAPSSL.pse file back after a refresh.
Below are the steps:
1. Export the file SAPSSL.pse from /usr/sap/<sid>/DDVEBMGS<sys #>/sec to your desktop
2. Log on to the ECC system, use transaction strustsso2
3. Double click on SSL server
4. On the top menu go to PSE - Import and select the previous file exported from your file system (SAPSSL.pse)
5. Save
This should restore your SSL configuration.
Hello,
What do you mean by "can not be imported again to the QA system"?
Do you get an error in transaction STRUST?
If yes, which one?
Did you recreate the SSL server PSE?
Regards,
Olivier