Certificate installation : SAP Web Dispatcher

May 25, 2018 in SW Web Switch

Certificate installation : SAP Web Dispatcher

Step 1:

Unzip the certificate files onto the server where you will install the certificate.

The ZIP file you downloaded contains the following certificates:

  • SSL certificate (i.e. ssl_certificate.crt)
  • Intermediate CA certificate (i.e. IntermediateCA.crt)
  • Root CA certificate (i.e. Root.crt)

Copy the Root CA and Intermediate certificate file onto the server where you will install the certificate.

Step 2. Install the SSL Certificate

To install an SSL certificate on a SAP Web Dispatcher, follow either one of the following methods:

Method 1. Install the SSL Certificate using the Trust Manager

  1. If the certificate request dialog is still open, then close it.
  2. If the SAP Web Dispatcher’s PSE is not loaded in the PSE maintenance section, then load it by selecting the File node with a double-click and selecting the PSE from the file system.
  3. In the PSE maintenance section, choose Import Cert. Response. The dialog for the certificate response appears.
  4. Insert the contents of the certificate request response into the dialog’s text box either using Copy&Paste or by loading the file from the file system.
  5. The signed public-key certificate (i.e. ssl_certificate.crt, as described in Step 2) is imported into the SAP Web Dispatcher’s PSE, which is displayed in the PSE maintenance section.
  6. You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
  7. Create a PIN for the PSE.
    NOTE: It is recommended using a PIN to protect the PSE, especially if the SAP Web Dispatcher is located in your demilitarized zone.
  8. Save the data in the trust manager.
  9. You are prompted for the location to which to save the PSE. Replace the PSE that you created earlier.
  10. If you saved the PSE to a local file on the application server, then copy it to the SECUDIR directory on the SAP Web Dispatcher.

Method 2. Install the SSL Certificate using SAPGENPSE

  1. Use configuration tool sapgenpse to import the certificate request response into the PSEs.
  2. Run the following command:

    Example: sapgenpse import_own_cert <Additional_options> -p <PSE_file> -c <Certificatefile.crt> -r <Cacertificate.crt> -x <PIN>

    -p <PSE_Name> Path and file name of the PSE. The path is the SECUDIR directory and the file name is SAPSSLS.pse.
    for the SSL server PSE or SAPSSLC.pse for the SSL client PSE (if it exists). Path description (in quotation marks, if spaces exist).

    -c <Cert_file> Path and file name of the certificate request response. Path description (in quotation marks, if spaces exist).

    -r <RootCA_cert_file> File containing both the Root CA certificate and the Intermediate CA certificate. The Intermediate CA
    certificate is to be first followed by the Root CA certificate. Path description (in quotation marks, if spaces exist).

    For example:
    Open a Notepad, paste the Intermediate CA certificate (i.e. IntermediateCA.crt as described in Step 2) and Root CA certificate (i.e. RootCA.crt as described in Step 1) in the following order:


-----BEGIN CERTIFICATE-----
[Intermediate 1]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate 2]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Root CA]
-----END CERTIFICATE-----

-x <PIN> PIN that protects the PSE Character string.

OR

By using > cat intermediate1.crt intermediate2.crt root.crt > ssl-bundle.crt

Step 5: Verify certificate installation

  1. To verify if your certificate is installed correctly, use the Sectigo's SSL Checker