
Make sure the CommonCryptoLib is at least version 8.4.11 as per SAP note 1931778
Check SECUDIR environment settings if needed adjust environment
You can make copy of /usr/sap/<SID>/<INSTANCE>/sec folder
If needed you can download and extract the latest SAPCRYPTOGRAPHIC library in this folder
set SECUDIR=/usr/sap/<SID>/<INSTANCE>/sec
sapgenpse get_pse -a sha256WithRsaEncryption -s 2048 -p <PSEFile>.pse -noreq -x "CN=asappreep.abc.com, OU=SAP, O=ABC Technologies Ltd, L=Pune, ST=Maharashtra, C=IN"
This will generate the <PSEFile>.pse in the /sec folder
sapgenpse seclogin –p <PSEFile>.pse –O <sid>adm –x <password>
sapgenpse export_own_cert -o <CRTFile>.csr -p <PSEFile>.pse
Send the <CSRFile>.csr file to signing authority,
send note that we need Base64 .CER format
sapgenpse export_own_cert -o <CRTFile>-cert.crt -p <PSEFIle>.pse
Create Private key file to be Imported into Visual Admin
sapgenpse export_p12 -p <PSEFile>.pse <PRIVKeyFile>.p12
Start the Visual Admin Tool --> Logon as ADMINISTRATOR server --> TicketKeyStore --> service_ssl --> Load button
Import below files using above option:
1) <CRTFile>-cert.crt
2) <PRIVKeyFile>.p12
After completion of Import of Private Key & Certificate file.
copy the CA response file send by CA authority along with ROOT & Intermediate certificate into /sec folder
Start the Visual Admin tool
Server --> KeyStorage --> service_ssl -->
Click on Import Certificate Response --> Provide the file input from the CA response file
Click OK
These steps import the CSR response file into KeyStorage you have selected.
Dispatcher --> SSL Provider --> select dispatcher --> click on Client Identities tab
--> click on Add --> it will show you the certificate list --> choose your certificate and click OK
Post completion of above steps, you can either take RESTART of KeyStorage Service and SSL Provider service or take complete application restart.
Now you are good to start with application testing by opening page in your Browser
https:/<applicationHost>/:<SSLPort>/index.html
you should see the lock symbol in url post opening of page.
Congratulations !! You have completed the SSL certificate implementation in SAP JAVA system.
2172534 - NWA is unable to create certifcates with SHA256, create them externally using sapgenpse
1622263 - SAP Release Note for LMAUTOSTD 1.0 SP03
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |