
Importing intermediate Certificate

Former Member
0 Likes
2,433

We are having issues importing an intermediate certificate from Thawte. We were able to import the Web Server certificate with no problems, but when we try the intermediate one it says "no public key can be found."

Has anyone run into this issue before?

Former Member
0 Likes

We just solved this by running sapgenpse import_own_cert -p <pse file> -c <certificate file> -r <intermediate file>

Former Member
0 Likes

Hi.

Let me give a bit clearer explanation.

Assuming you have previously set up SSL and HTTPS, a certificate import is not too hard.

Whoever manages your certificates will give you three items.

1. Root Certificate     Root-R1.cer

2. Intermediate Certificate    gsorgsha2256.cer

3. Self Signed Certificate    southern.com.pfx

I upload these to my AIX server in a staged area   /SAP/stage/gscerts

Next, copy these files to your SECUDIR as noted below. Run sapgenpse from that area also.

Set your environment (in my case AIX)

setenv SECUDIR /usr/sap/SID/DVMB##/sec   (Use the actual values)

    setenv SECUDIR /usr/sap/FSB/DVEMB01/sec

You concatenate these 3 files in one string with the following command.

sapgenpse import_p12 -r Root-R1.cer -r gsorgsha2256.cer -p SAPSSLS.pse southern.com.pfx

It will normally ask you for a PIN that was given to you when they sent you the certificates.

This will produce a file called SAPSSLS.pse in your /usr/sap/DVMB##/sec directory.

Then you must run a 2nd step to generate a secure logon file.

sapgenpse seclogin -p SAPSSLS.pse -O <SID>adm

Copy the SAPSSLS.pse to your local computer.

Run STRUSTSSO2 and import the PSE key.  Point it to your local computer and the SAPSSLS.pse file.

Double-click on the file; it will auto-populate the next table.

Then click on 'Add to Certificate List'.

Then click on add to ACL.  Enter the SID and Instance #.

Save. 

You must restart the ICM to get the new key read.

View the ICM trace file to ensure it finds the certificate.

I hope that helps. If you have questions, feel free to ask.
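
A pre-import check for the certificate files discussed in this thread, as an added example that is not part of the original posts: before handing files to sapgenpse with -c and -r, it confirms with openssl that each file's issuer name matches the subject name of the next file in the list. The helper names cert_field and chain_links_ok are made up for this example, openssl is assumed to be installed, and only names are compared, not signatures.

```shell
#!/bin/sh
# Added example; cert_field and chain_links_ok are hypothetical helper names.

# Print one name hash of a certificate. .cer files are often DER rather
# than PEM, so try the default (PEM) first and fall back to DER.
# $1 = -subject_hash or -issuer_hash, $2 = certificate file
cert_field() {
    openssl x509 -in "$2" -noout "$1" 2>/dev/null ||
    openssl x509 -in "$2" -inform DER -noout "$1" 2>/dev/null
}

# chain_links_ok CERT ISSUER1 [ISSUER2 ...]
# Files are given in the order server certificate, intermediate, root.
# Returns 0 if every certificate names the next file as its issuer,
#         1 if a link does not match (wrong file or wrong order),
#         2 if a file cannot be parsed or too few files were given.
chain_links_ok() {
    if [ "$#" -lt 2 ]; then
        echo "usage: chain_links_ok CERT ISSUER1 [ISSUER2 ...]" >&2
        return 2
    fi
    child=$1
    shift
    for parent in "$@"; do
        want=$(cert_field -issuer_hash "$child") ||
            { echo "cannot parse $child" >&2; return 2; }
        have=$(cert_field -subject_hash "$parent") ||
            { echo "cannot parse $parent" >&2; return 2; }
        if [ "$want" != "$have" ]; then
            echo "$parent is not the issuer of $child" >&2
            return 1
        fi
        child=$parent
    done
    return 0
}

# Example call with placeholder file names:
#   chain_links_ok server.cer intermediate.cer root.cer &&
#       sapgenpse import_own_cert -p <pse file> -c server.cer -r intermediate.cer
```
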