cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Renewing SSL certificate

Go to solution
Former Member

on ‎01-23-2009 8:15 AM

0 Kudos

Hi All,

I´d like to renew an SSL certificate on our Portal.

I have send the certificate request to a company such as Verysign and get the response, but don´t know how to install it.

I obtained the certificate request from the Visual Admin and then from the KeyStorage > SSL service.

I have also imported the certificate response to the location specified below.

Do I have now to restart the node sot that it takes effect?

Thanks for your help!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-23-2009 10:26 PM
0 Kudos

Once you import the response from Verisign it should be ready to go... Make sure you pick the correct ssl certificate from the list in the middle and check that it has the [signed] text..

Show replies
Show replies
Former Member
‎01-27-2009 9:54 AM
0 Kudos

Hi Michael,

Thanks for your reply!

I have noticed "in the middle" a trustedCAs and on the right pannel, there is EntrustPersonnalServerCA / EntrustServerCA / InQDemoCA / SAPPassportCA / SAPServerCA / TCTrustcenterClass1 / TCTrustcenterClass2

An idea on where to apply the new ceriticate?

Thanks!

Former Member
‎01-27-2009 10:59 PM
0 Kudos

Under "Views" pick service_ssl, and then the entry which you generated from the middle block.

Former Member
‎01-28-2009 8:00 AM
0 Kudos

Thanks!

I have applied the new certificate and here is what I see as a validy period:

[ validNotBefore ]: Wed Jan 21 13:05:05 CET 2009

[ validNotAfter ]: Sat Jan 30 13:05:05 CET 2010

Do I have to restart the node?

Former Member
‎01-28-2009 8:47 AM
0 Kudos

No, it should not be necessary...

Former Member
‎01-28-2009 8:50 AM
0 Kudos

Thanks again for your reply!

It seems then the certificate had not been taken in account, when I browse the URL there is still an error message and the old certificate is taken in account (which is expired).

Did I missed doing something?

former_member201513
Explorer
‎01-28-2009 8:55 AM
0 Kudos

Have you downloaded the new certificate?

Former Member
‎01-28-2009 8:57 AM
0 Kudos

Did you make a new certificate or update the existing one? If you updated, then all should be OK. If you made a new certificate, then you need to use Visual Admin and go to the ssl_provider service and select the new certificate name.

Former Member
‎01-28-2009 9:10 AM
0 Kudos

I have generated a request (Generation of a CSR response) from Visual admin that has been submitted to a company such as Verisign.

Once the certificate had been generated, I have imported it (import CSR response) under service_ssl and the entry (left pannel) created for the specific certificate.

By now, I can see the certificate will expire in 2010 but it is not taken in effect when browsing the URL...

Former Member
‎01-28-2009 9:13 AM
0 Kudos

As I asked, was it a new entry or did you delete the old entry and bring it in with the same name? In the middle pain, when service_ssl is selected under View, how many entries do you have?

Former Member
‎01-28-2009 9:18 AM
0 Kudos

Under service_ssl there is ssl-cretentials, ssl-credential-cert and a specific entry, let´s call it certportal.

I have highlited this certportal entry and requested for a CSR request, once this CSR obtained, I have imported it to this certportal entry. Therefore, I have not deleted this certportal entry, just applied a new certificate.

Former Member
‎01-28-2009 9:24 AM
0 Kudos

And now you have to go to the ssl provider service in Visual Admin and tell it to use your new certificate... Pick your dispatcher, select the tab "Server Identity" and Add the name you just created...

Former Member
‎01-28-2009 9:29 AM
0 Kudos

This name already exists in the location you have specified.

I have added it anew anyway...

EDIT and now it works fine!

Thanks!

Edited by: Saleki Siavauch on Jan 28, 2009 10:34 AM

Former Member
‎06-29-2009 1:15 PM
0 Kudos

Hello Saleki Siavauch ,

As my Portal " single sign on certificate " is expired now.

We did following process:

1. Logon to the Visual Administrator tool and browse to Server > Services > Key Storage.

2. Choosen Ticket Store > SAPLogonTicketKeypair-cert and click on Export to save the certificate locally

3. Save the certificate (.CRT) locally on a directory that you can easily find:

4. Logon the ERP backend system and execute transaction code strustsso2.

5. On the main screen, double click on the u201COwneru201D own certificate and on the u201CCertificateu201D block, choose the u201CImport Certificateu201D option.

6. Browse for the previously saved certificate (.CRT).

7. After the certificate is imported, it has to be added to the u201CCertificate listu201D and the u201CACL listu201D. Click on u201CAdd to certificate listu201D and u201CAdd to ACLu201D

8. When adding to the ACL list, you need to fill in the following data:

9.Fill all details Sytem ID :<Portal ID> client : <000>

10.Click on u201CSaveu201D to commit your changes

11. Next export the ERP backend certificate, in order to import it in the Visual Administrator. Double click the u201COwn Certificate u2013 Owneru201D to display the details below the u201CCertificateu201D section.

12. Click on the u201CExport Certificateu201D button, choose the path and CRT filename to save it locally;

13. Go back to the Visual Administrator tool and click on the u201CLoadu201D button:

14. Choose the exported CRT file. The certificate details will appear:

Now when I again login to my EP It asks me the backened system username and password again Which I don't want that pop up.That means SSO certificate not uploaded correctly.Please suggest where I have missed something.

Waiting for reply!!!!

Best Regards.

Answers (0)

Ask a Question