SSL Certificate Installation using SAP Web Dispatcher
- Access the ZIP folder provided to unzip the certificate files into the server in which the certificate will be installed.
The ZIP folder should contain the following:
- An SSL Certificate - (e.g. SSL247_certificate.crt)
- The Intermediate CA Certificate - (e.g. Intermediate.crt)
- A Root CA Certificate - (e.g. SSL247-Root.crt)
- Copy the Root CA and Intermediate files onto the server in which the certificate will be installed.
Follow either of the following methods to install an SSL certificate using the SAP Web Dispatcher
Method 1: Installing using Trust Manager
- Close the certificate request dialog if still open
- To load the SAP Web Dispatcher's PSE in the maintenance section (if not already loaded), select the "File" node then select the specific PSE from the system
- In PSE Maintenance select "Import Cert. Response", which will cause the certificate response dialog to appear.
- Insert the contents of the certificate request into the text box
- The signed public-key certificate (refer to Step 1) is imported into SAP Web Dispatcher's PSE, which is displayed in its "Maintenance" section.
- The PSE will require you to create a PIN
- Save the data in Trust Manager
- This will prompt the system to require a location for the newly created PSE. You have to replace the PSE created earlier in the process.
- If the file was saved as a local file on the application server, copy it into SECUDIR directory on SAP Web Dispatcher.
Method 2: Installing using SAPGENPSE
- Use the configuration tool "SAPGENPSE" to import the certificate request response into the PSEs
- Run the following set of commands:
Example: SAPGENPSE import_own_cert < Additional Options > -p < PSE_file > -c < Certificatefile.crt > -r < CAcertificate.crt > - x < PIN >
- -p < PSE_Name > This is the path and file name for the PSE. The path is "SECUDIR Directory" and file name is "SAPSSLS.pse"
(Path description should be in quotation marks if spaces are present)
- -c < Cert_File > The path and file name of the certificate request response.
- -r < RootCA_cert_file > The file containing both Root CA certificate and the Intermediate CA certificate.
Intermediate CA ccertificate has tio be first, then following by the Root CA.
Example: Open any text editor (Notepad, Sublime) then paste the Intermediate CA certificate (e.g Intermediate.crt) and Root CA (e.g. SSL247-Root.crt) in the following order:
-----BEGIN CERTIFICATE----- [Intermediate 1] -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- [Intermediate 2] -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- [Root CA] -----END CERTIFICATE-----
-x < PIN > This protects the PSE character string.
Or this process can be also completed through using the following command:
> cat intermediate1.crt intermediate2.crt root.crt > ssl-bundle.crt
- verify that the certificate was installed correctly by accesing the Certificate Health Checker.