cancel
Showing results for 
Search instead for 
Did you mean: 

2 valid certificates in STRUST with same CN. Which one is used ?

former_member612721
Participant
0 Kudos
1,051

Hello SAP community,

I have a question about how SAP uses the certificates in STRUST in the following situation:

There are 2 certificates :

- with same CN (*.domain.com)

- both are in validity date

- one is self-signed, while the other one is trusted by the CA authority DigiSign


When I run the browser and open the NWBC URL (in domain.com) , which of the 2 certificates from STRUST is being used ?

Is the certificates order in Certificates List relevant ?

Thank you,

George

View Entire Topic
cris_hansen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi George,

When you call a service from your SAP system, the certificate used is always the "Own Certificate" from the SSL Server Standard PSE in STRUST.

The certificate list is used to validate client certificates (e.g. my X.509 client certificate is signed by abc, so the certificate from abc needs to be in the certificate list, otherwise the client certificate is not accepted).

Regards,

Cris

former_member612721
Participant
0 Kudos

Hello Cristiano,


Thank you for the reply

However, the connection works ok after replacing the Own certficate, even though the certicate list is empty now ... which makes me confused. But the untrusted connection message, when accessing the system from browser, is now gone.. which means the SSL Standard certficate works fine now even if the certificate list is empty. I guess that's a good thing

cris_hansen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Alexandru,

The explanation for the certificate list is available in the SAP Help.

Kind regards,

Cris