on 2020 Apr 10 9:33 PM
Hello SAP community,
I have a question about how SAP uses the certificates in STRUST in the following situation:
There are 2 certificates :
- with same CN (*.domain.com)
- both are in validity date
- one is self-signed, while the other one is trusted by the CA authority DigiSign
When I run the browser and open the NWBC URL (in domain.com) , which of the 2 certificates from STRUST is being used ?
Is the certificates order in Certificates List relevant ?
Thank you,
George
Request clarification before answering.
Hi George,
When you call a service from your SAP system, the certificate used is always the "Own Certificate" from the SSL Server Standard PSE in STRUST.
The certificate list is used to validate client certificates (e.g. my X.509 client certificate is signed by abc, so the certificate from abc needs to be in the certificate list, otherwise the client certificate is not accepted).
Regards,
Cris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Cristiano,
Thank you for the reply
However, the connection works ok after replacing the Own certficate, even though the certicate list is empty now ... which makes me confused. But the untrusted connection message, when accessing the system from browser, is now gone.. which means the SSL Standard certficate works fine now even if the certificate list is empty. I guess that's a good thing
Hi Alexandru,
The explanation for the certificate list is available in the SAP Help.
Kind regards,
Cris
User | Count |
---|---|
75 | |
30 | |
9 | |
8 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.