
Automate deployment of SSL certificate in STRUST

Hi Guys,

Since I have many servers in our company, manually putting SSL certificates in STRUST is a very tiring thing. Also, since I am using Let's Encrypt as my CA to get the certs signed, they have only 3 months validity, so it's hard to remember the renewal dates. I know how to automate the cert renewal at the operating system level by using Certbot.

But how can I automate the deployment process of certs in SAP Tcode STRUST? Is there any script that can do it? I just want that, whenever a server needs a cert to be renewed, it automatically generates a certificate signing request (CSR), gets a signed cert from a CA and deploys it in STRUST.

I am using SAP NetWeaver AS ABAP. Please provide any kind of suggestion that can help automate the process. Has anyone been able to automate this process? How can I know when a certificate is about to expire? How can I automatically create the x509 cer file? How can I upload the x509 automatically to SAP ABAP? Please let me know if more information is needed.

Sandra_Rossi
Active Contributor

I didn't hear of any tool to mass upload the certificates.

But at least, you may use this report:

SSF_ALERT_CERTEXPIRE

You are alerted for soon-expiring certificates. The report has many options.

ADDENDUM: You may develop your own program by using the APIs provided in note 1014077 - Downport: API for SSO2 trust configuration (ABAP) (STRUSTSSO2 is almost the same as STRUST except that there is an additional part for SAP Logon tickets); maybe also check the note 1130923 - External STRUST-API (advance delivery), but it's not obvious whether there is something really official.

0 Kudos

Hi Sandra,

Thanks a lot for your quick response. Since I am new to this field, if you have any other info regarding this topic, then please share. I am looking for this report -> SSF_ALERT_CERTEXPIRE, as you mentioned. It will take me much time to go through this report; if I have any questions on this, then I will ask.

0 Kudos

Hi Sandra,

By using sapgenpse commands on our operating system, we can export and import our certificates. My question is: after importing the signed cert with sapgenpse, will that put the cert directly into STRUST? And after importing the signed cert, do I then not need to do anything in SAPGUI (STRUST)? If everything is done by issuing sapgenpse commands, then I can automate it by making batch files and running them in a job scheduler as a background job. Is that possible?

Sandra_Rossi
Active Contributor
0 Kudos

riteshbansal696, are you asking the same question again? If so, then let me answer the same as previously 🙂 By the way, if you plan to develop a tool to automate it, and publish it, then the community will thank you a lot, of course. Oh, I saw something, let me edit my answer, please check it in 2 minutes.