https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642493#M286117 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I have configured SSL to the JAVA system. I got the digitally sigend certificate from the MS Certification Authority.I imported the certificate and the root certificate to the key-storage after to a new entry in the service-ssl view.</P><P>I stopped and started the Key-storage and SSl provider services. </P><P></P><P>I am able to browse the portal via SSL but I get a Security alert which says " the certificate is issued by a company you have not chosen to trust"And there is a red mark in the certificate which says " certificate cannot be verified up to a trusted certification authority"</P><P></P><P>I have imported the root certificate also to the JAVA visual administrator then why am i getting this security alert.?</P><P></P><P>Also I dont get this alert only if I download the root certificate to the browser's certificateion store.</P><P></P><P>Is there a way through which I can get rid of this message without downloading the root certificate to each and every client browsers Certificate store.</P></BODY></HTML> Mon, 13 Nov 2006 10:11:56 GMT Former Member 2006-11-13T10:11:56Z https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642493#M286117 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I have configured SSL to the JAVA system. I got the digitally sigend certificate from the MS Certification Authority.I imported the certificate and the root certificate to the key-storage after to a new entry in the service-ssl view.</P><P>I stopped and started the Key-storage and SSl provider services. </P><P></P><P>I am able to browse the portal via SSL but I get a Security alert which says " the certificate is issued by a company you have not chosen to trust"And there is a red mark in the certificate which says " certificate cannot be verified up to a trusted certification authority"</P><P></P><P>I have imported the root certificate also to the JAVA visual administrator then why am i getting this security alert.?</P><P></P><P>Also I dont get this alert only if I download the root certificate to the browser's certificateion store.</P><P></P><P>Is there a way through which I can get rid of this message without downloading the root certificate to each and every client browsers Certificate store.</P></BODY></HTML> Mon, 13 Nov 2006 10:11:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642493#M286117 Former Member 2006-11-13T10:11:56Z https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642494#M286118 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>One way to add your own MS Certification Authority (I'm assuming you have insstalled a local certificate server which and that you are not using a cerfitifcate from a real trusted root CA) into the browsers is via policies in the network logon. But this of course requires that every client is part of your Windows domain.</P><P></P><P>Marcel</P></BODY></HTML> Mon, 13 Nov 2006 10:39:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642494#M286118 MarcelRabe 2006-11-13T10:39:34Z https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642495#M286119 <HTML><HEAD></HEAD><BODY><P>Hi Marcel,</P><P></P><P>Thanks a lot for the quick response.</P><P></P><P>Yes that could be a way. also I have found scripts which when run will install the certificate on the clients.</P><P></P><P>I have imported the root certificate directly to the JAVA system then why is it still throwing the error security warning.</P><P></P><P>so does it mean there is no way by which we can eliminate this security warning by installing the root certificate in one central point or server.</P><P></P><P>Thanks</P><P></P><P>Priya</P></BODY></HTML> Mon, 13 Nov 2006 11:03:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642495#M286119 Former Member 2006-11-13T11:03:03Z https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642496#M286120 <HTML><HEAD></HEAD><BODY><P>Hi Priya</P><P></P><P>as far as i know not. The list of trusted root CA's is filled by the browser suppliers with CA's that they trust. Any other CA's you will have to import manually or via scripts/</P><P></P><P>Marcel</P></BODY></HTML> Mon, 13 Nov 2006 11:43:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642496#M286120 MarcelRabe 2006-11-13T11:43:46Z https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642497#M286121 <HTML><HEAD></HEAD><BODY><P>The &lt;b&gt;root certificate&lt;/b&gt; need to be present (i.e. in the local keystore) at the SSL client (here: the web browser); the SSL client &lt;u&gt;must not&lt;/u&gt; trust the SSL server (even if the SSL server would provide the root certificate in the https response during the SSL handshake).</P><P></P><P>Most web browsers are shipped with a bunch of root certificates (and intermediate certificates) to simplify the initial setup. If you operate your own CA then definetly the corresponding root certiticate is not present in the web browser's keystore.</P><P></P><P>Cheers, Wolfgang</P></BODY></HTML> Mon, 13 Nov 2006 12:21:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-alert-when-accessing-a-https-page/m-p/1642497#M286121 Wolfgang_Janzen 2006-11-13T12:21:01Z