cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

New certificate renewal process

Go to solution
SAPSupport
Employee
Employee

a month ago

0 Kudos
429

Hello Team,

 

We are currently in the process of renewing certificates for our project.
For example, the existing certificate details are as follows:
CN=*

 

We plan to replace the organization name from O=* to O=**
Previously, when a certificate expired, we followed the steps below:
Step 1: If the certificate was expired or about to expire, we generated a new CSR from STRUST and requested a signature from the business team.
Step 2: Once approved, we received the signed certificate via email and downloaded it to our local system.
Step 3: If the certificate was self-signed, we imported the Root + CA + System certificates into STRUST.
Step 4: If the certificate was local, we imported it from the system and updated it.
Step 5: After updating the certificate in the system, we distributed it across applications and, if required, performed an ICM restart for the SSL certificate to take effect.

 

Since we are now changing the organization name, we would like your suggestions on the process.
Additionally, we have observed that some certificates in the system have already expired.

 


Please advise on the next steps as well as is there any easy steps to import the certificate.


Thank you,


--- Support Assistant ---
I have a problem in transaction STRUST


------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

SAPSupport
Employee
Employee
a month ago
0 Kudos

For the renewal process, if you need to update the organization name from "O=*" to "O=**" you can use the Replacement Wizard Tool. 

Using this tool, you can modify the Distinguished Name and Subject Alternative Names attributes of the certificate, generate a key pair, and create a Certificate Signing Request.

Once you have the CSR, you can proceed with your current process to request the signature from your business team. After receiving the Certificate Signing Response, you can then use the Replacement Wizard Tool to complete the import process.

In order to make use of the Replacement Wizard tool, the system must have the corrections of SAP Note 2414090 - STRUST wizard to replace existing key pairs.

This requires a minimum of SAP_BASIS:   
740    SAPKB74017
750    SAPK-75007INSAPBASIS
751    SAPK-75102INSAPBASIS

The renew process is documented in the KBA 3431066 - How to sign a certificate using the Replacement Wizard tool which you can use it as reference.

Show replies
Show replies

Answers (0)

Ask a Question