SAPGENPSE for new SHA256 standard

Former Member
0 Kudos

Hi,

We run Netweaver Portal 7.31 SP09 with SSL Signature Algorithm sha1WithRSAEncryption (1.2.840.113549.1.1.5)

Our CA authority asks us to upgrade our hash to sha256, but I can't figure out how to do this from NWA > Certificate and Keys: Storage view.

I have investigated using SAPGENPSE command line with the following help document (with no luck)

http://help.sap.com/saphelp_nw04s/helpdata/en/a6/f19a3dc0d82453e10000000a114084/content.htm

I ran this command from the kernel directory (NTADM64 folder). It created the PSE and REQ files. I have sent the REQ file to my CA authority.

sapgenpse get_pse -a sha256WithRsaEncryption -s 2048 -p SAPSSLS.pse -x abcpin -r abc.req "CN=host123.mycompany.com, OU=I1234567890-MyCompany, OU=SAP Web AS, O=SAP Trust Community, C=DE"

When my CA authority replied back, they told me that the signature type was still sha1WithRSAEncryption.

Would you have any suggestions for me?

Here's my cryptographic library (CommonCryptoLib 8). SHA256 is supported, right?


cmd>sapgenpse cryptinfo
Properties of Secure Login Crypto Kernel:

FIPS 140-2                = NO
API-VERSION               = 1
VERSION                   = 2.0.2.0.0
FILE-VERSION              = 8.4.10.0
CPU-FEATURES-SUPPORTED    = AES-NI
CPU-FEATURES-ACTIVE       =
HASH-ALGORITHMS           = MD2,MD4,MD5,SHA1,SHA224,SHA256,SHA384,SHA512,RIPEMD128,RIPEMD160,CRC32
ENCRYPTION-ALGORITHMS     = RSA,ELGAMAL,AES128,AES192,AES256,DES,TDES2KEY,TDES2KEY,IDEA,RC2,RC4,RC5_32
ENCRYPTION-MODES          = ECB,CBC,CFB*8,OFB*8,CTR,CTSECB,CTSCBC,GCM
PADDING-MODES             = PKCS1BT01,PKCS1BT02,PKCS1PSS,PKCS1OAEP,X.923,PEM,B1,XML,SSL
KEYEDHASH-ALGORITHMS      = HMAC
SIG-ALGORITHMS            = RSA,DSA
KEYEXCHANGE-ALGORITHMS    = DH
RANDOM-ALGORITHMS         = CTR_DRBG

Accepted Solutions (1)


Former Member
0 Kudos

You need to upgrade your CommonCryptoLib to at least PL 11, see SAP note 1931778 for details. If it still doesn't work, omit the key size or use at least 3072.

Answers (0)