Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Verisign Certifcate expires in 60 days in my EP7 portal

Go to solution
Former Member

‎04-20-2012 9:38 AM

0 Kudos

Hi All

The verisign certifcate in my portal is about to expire and am struggling to find definitive instructions on how to replace it. I know I need to generate a CSR request from my portal and send it off to verisign and then import the response. But I have 4 server nodes and am not sure whether I need 4 CSR requests or can just generate 1. I also know I need to import the response into all 4 of my server nodes.

My problem is if I generate a CSR request before the verisgn certifcate actually expires then it may not have the correct information in it as the service_ssl in my Visual Admin already has verisgn information in it.

Has anyone replaced an existing certifcate before and can help me out please?

Thanks

Steve

1 ACCEPTED SOLUTION

Go to solution
mvoros
Active Contributor

‎04-20-2012 10:58 AM

0 Kudos

Hi,

you need just one request because all nodes correspond to one hostname. I don't understand your comment about not being able to generate request in advance. A SSL certificate is issued for a hostname. So you can request another certificate for same hostname and when you get it you can immediately replace old certificate with new one.

Check also SAP documentation about enabling SSL.

Cheers

3 REPLIES 3

Go to solution
mvoros
Active Contributor

‎04-20-2012 10:58 AM

0 Kudos

Hi,

you need just one request because all nodes correspond to one hostname. I don't understand your comment about not being able to generate request in advance. A SSL certificate is issued for a hostname. So you can request another certificate for same hostname and when you get it you can immediately replace old certificate with new one.

Check also SAP documentation about enabling SSL.

Cheers

Go to solution
Former Member
In response to mvoros

‎04-20-2012 11:50 AM

0 Kudos

Hi Martin

Thanks very much for your reply it confirms that I should only need one CSR request for all four nodes. As for the second part I'll try and explain it better. The certifcate is for the URL that the users use to access the portal. In VA - Key storage - service_ssl I have two entries for my portal.

PRD_XSS & PRD_XSS-cert. Selecting PRD_XSS I can create a CSR request file wheras PRD_XSS-cert I cannot. But the PRD_XSS already has a verisign certifcate which expires in June. My worry is if I create the CSR request it will use the versign information in the existing one to create the request and not our company information that was contained in the original request 3 years ago. I have inserted an image view of my VA to try and illustrate this.

Its the OU= bit I'm worried about as it should contain our comany info not verisign info in the CSR I think.

Thanks

Regards

Preview file
203 KB

Go to solution
mvoros
Active Contributor
In response to mvoros

‎04-23-2012 12:08 AM

0 Kudos

It shouldn't use any values from CA. So what is OU equal to in that certificate? On your screen shot I can see only values from section CA. Obviously, these values came from CA that signed your cert. In this case it's Verisign. Just to be sure when you go to your site what certificate do you get? You can check in your browser fingerprint of certificate. Find this certificate in key storage and you need to replace it with new certificate. The new certificate should have exactly same organizational values as the old one.

Cheers