cancel
Showing results for 
Search instead for 
Did you mean: 

Enabling certificate revocation (CRL) by PKI-Login on SAP GUI

Former Member
0 Kudos

Hello everybody,

Due to SAP Notes 1975482 it should be possible on SAP NetWeaver Single Sign-On 2.0 Support Package 03 to use Certificate Revocation Check (CommonCryptoLib) on backend site. So I've configured all relevant xml parameters for CommonCryptoLib  (SAP Note 1996839 ) on specific SAP Test System. For Example I set revocation check (revCheck = yes) and set the specific path for CRL Cache Directory where the latest Certifcate Revocation Lists (CRL's) from the Intermediate CA's are stored.

After Configuration I tested PKI Login on SAP GUI / SAP Test System with a locked PKI-Certificate which is listed in CRL, but I get Access to SAP System, so he didn't check against CRL / CommonCryptoLib on backend site. Did I forget a configuration task?

I also found a SAP documentation to configure Certificate Revocation on SAP Systems with transaction STRUST but in my point of view is this an alternative way to Certifcate Revocation Check (CommonCryptoLib) on backend site or am I wrong? Could anyone help me?

Thank you very much.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Thomas,

Did you have the CommonCryptoLib (CCL) installed or the Secure Login library? The CRL is only enable if you have a license for SAP NetWeaver Single Sign-On 2.0. You can verify this if you check in your installation path, thht the library sapnwsso is available.

If this is the case, you should enable the  Secure Login library traces to check, why the CRL is not done.

KR

Valerie