https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492178#M1746230 <HTML><HEAD></HEAD><BODY><P> Hello Experts</P><P></P><P>Need to know the whether SSL client certificate is based on<BR />SSL server certificate.</P><P></P><P>Below is a scenario for this.</P><P></P><OL style="list-style-type: decimal;"><LI>We have a SSL server certificate from a well-known CA<BR />authority.</LI><LI>Need to create SSL client certificate for the ADS<BR />configuration.</LI><LI>Now in order to be secured enough, need to know that this<BR />certificate will be based on the SSL server certificate which we have acquired<BR />from the trusted CA?</LI><LI>If not then what should be done in order to get a trusted<BR />SSL Client Certificate or the systems (ABAP) own certificate is enough for this<BR />task?</LI></OL><P></P><P>Regards</P><P>Prateek</P></BODY></HTML> Thu, 20 Jun 2013 08:13:49 GMT former_member209288 2013-06-20T08:13:49Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492178#M1746230 <HTML><HEAD></HEAD><BODY><P> Hello Experts</P><P></P><P>Need to know the whether SSL client certificate is based on<BR />SSL server certificate.</P><P></P><P>Below is a scenario for this.</P><P></P><OL style="list-style-type: decimal;"><LI>We have a SSL server certificate from a well-known CA<BR />authority.</LI><LI>Need to create SSL client certificate for the ADS<BR />configuration.</LI><LI>Now in order to be secured enough, need to know that this<BR />certificate will be based on the SSL server certificate which we have acquired<BR />from the trusted CA?</LI><LI>If not then what should be done in order to get a trusted<BR />SSL Client Certificate or the systems (ABAP) own certificate is enough for this<BR />task?</LI></OL><P></P><P>Regards</P><P>Prateek</P></BODY></HTML> Thu, 20 Jun 2013 08:13:49 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492178#M1746230 former_member209288 2013-06-20T08:13:49Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492179#M1746231 <HTML><HEAD></HEAD><BODY><P>Hi Prateek, </P><P></P><P>SSL server certificates are usually not the basis for client certificates. Instead you usually have two CAs, a well know CA (often a public CA) for server certificates and an often private CA for client certificates. you can find some info on client certificates on the <A href="http://wiki.cacert.org/Technology/KnowledgeBase/ClientCerts">CAcert wiki pages</A> and more information on <A href="http://en.wikipedia.org/wiki/X.509">X.509</A> and <A href="http://en.wikipedia.org/wiki/Public_key_certificate">public key certificates</A> on the english wiki.</P><P></P><P>Regards, </P><P></P><P>Patrick</P></BODY></HTML> Thu, 20 Jun 2013 10:15:33 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492179#M1746231 Former Member 2013-06-20T10:15:33Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492180#M1746232 <HTML><HEAD></HEAD><BODY><P>thanks patrick that helped. Need some more info.</P><P>What if the SSL client certificate is self signed (system's). Will it suffice the purpose of ADS trusted relationship with Java server? Won't there be any security breach?</P><P></P><P>Regards,</P><P>Mayank</P></BODY></HTML> Fri, 21 Jun 2013 05:51:05 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492180#M1746232 former_member299422 2013-06-21T05:51:05Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492181#M1746233 <HTML><HEAD></HEAD><BODY><P>Hi Mayank, </P><P></P><P>a self signed certificate is not automatically insecure. You have the signing process in place, that you can get some idea, whether the claims of certificate are valid. If you created the certificate and later on maintain it in the ADS, there is no need for such 3rd party assurance, as I guess you will know the best, where the certificate belongs to. <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon jive_emote" height="1" src="https://community.sap.com/1581/images/emoticons/wink.gif" width="1"></SPAN></P><P></P><P>As I'm not an expert in ADS and you did not mention, for which purpose you need the certificate. If it is for LDAPS based communication, <A href="http://www.javaxt.com/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory">this tutorial on the internet</A> mayhelp. If not, please provide a bit more info on your use case.</P><P></P><P>Regards, </P><P></P><P>Patrick</P></BODY></HTML> Fri, 21 Jun 2013 10:58:05 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492181#M1746233 Former Member 2013-06-21T10:58:05Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492182#M1746234 <HTML><HEAD></HEAD><BODY><P>Thanks patrick for helping out here.</P><P></P><P>Here is our scenario...we have ADS in place (ABAP and JAVA are two independent systems in same domain).</P><P></P><P>Now the use of ADS here is that it will be used to send the forms (tax) to the end users (ADS_HTTPS connection)</P><P></P><P>Hence here we use the ABAP SSL client certificate. Please suggest.</P><P></P><P>Regards,</P><P>Mayank</P></BODY></HTML> Fri, 21 Jun 2013 11:33:23 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492182#M1746234 former_member299422 2013-06-21T11:33:23Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492183#M1746235 <HTML><HEAD></HEAD><BODY><P>Hi Mayank, </P><P></P><P>the first question in this case would be, what is the ADS you are referring to.</P><P>ADS = Active Directory Services (MS)</P><P>ADS = Adobe Document Server </P><P>From your last comment I would now assume, you are talking about the document server, right?</P><P></P><P>If yes, did you check <A href="http://help.sap.com/saphelp_nw73ehp1/helpdata/de/4b/95ae7626f26e83e10000000a421937/content.htm">the docs</A>?</P><P>If you want to use self signed certificates for authentication, you will need to upload the certificate also into the list of trusted CAs, otherwise you might get a chain-verifier error.</P><P></P><P>Regards, </P><P></P><P>Patrick</P></BODY></HTML> Fri, 21 Jun 2013 13:01:08 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492183#M1746235 Former Member 2013-06-21T13:01:08Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492184#M1746236 <HTML><HEAD></HEAD><BODY><P>Hi Patrick,</P><P></P><P>yes i meant Adobe Document Service.</P><P></P><P>Secondly, i have created a SOAP client certificate in STRUST and have imported the JAVA SSL certificate there. My config has worked well in QA. Now in order to be secured, i raised the above query.</P><P></P><P>Regards,</P><P>Mayank</P></BODY></HTML> Fri, 21 Jun 2013 13:05:48 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-server-certificate-query/m-p/9492184#M1746236 former_member299422 2013-06-21T13:05:48Z