on 01-19-2019 7:19 AM
Hi Guys,
Since I have many servers in our company and manually putting SSL certificates in STRUST is very tiring thing. Also since I am using Letsencrypt as my CA to get the certs signed, it has only 3 months validity, so it's hard to remember the renewal dates. I know how to automate the cert renewal on operating system level by using Certbot.
But how can I automate the deployment process of certs in SAP Tcode - STRUST. Is there any script that can do it ? I just want that whenever a server needs a cert to be renewed it automatically generates Cert signing Request (CSR) gets a signed cert from a CA and deploys it in STRUST.
I am using SAP NetWeaver AS ABAP. Please provide any kind of suggestion that can help automate the process. Has anyone been able to automate this process? How to know when a certificate is about to be expired? how automatically create the x509 cer file? how to upload the x509 automatically to SAP ABAP? Please let me know if more information is needed.
I didn't hear of any tool to mass upload the certificates.
But at least, you may use this report:
SSF_ALERT_CERTEXPIRE
You are alerted for soon-expiring certificates. The report has many options.
ADDENDUM: You may develop your own program by using the APIs provided in note 1014077 - Downport: API for SSO2 trust configuration (ABAP) (STRUSTSSO2 is almost the same as STRUST except that there is an additional part for SAP Logon tickets) ; maybe also check the note 1130923 - External STRUST-API (advance delivery), but it's not obvious whether there is something really official.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sandra,
Thanks a lot for your quick response. Since I am new in this field, If you have any other info regarding this topic then please share. I am looking for this report -> SSF_ALERT_CERTEXPIRE, as you mentioned. It will take me much time to go through this report, if I had any questions on this then I will ask.
Hi Sandra,
By using sapgenpse commands on our operating system, we can export and import our certificates. My question is after importing the signed cert by sapgenpse will that put the cert directly into the STRUST ? and after importing the signed cert, then I dont need to do anything in SAPGUI (STRUST) ? If everything is done by issuing commands by sapgenpse, then I can automate it by making batch files and run it in job schduler as background job, is it possible ?
riteshbansal696 do you ask the same question again? If so, then let me answer the same as previously 🙂 By the way, if you plan developing a tool to automate it, and publish it, then the community will thank you a lot, of course. Oh, I saw something, let me edit my answer, please check it in 2 minutes.
User | Count |
---|---|
82 | |
11 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.