Skip to Content

Pre-requisite (refer installation guide for detailed procedure of pre-requisites):

image

3. In the ‘Views’ pane select service_ssl and click the ‘Create’ button to generate a certificate signing request (CSR). Screen as shown below will pop-up. Maintain the entries in the screen below.

image

4. Give an entry name. Select the store certificate checkbox.

5. Click on ‘Generate’ button.

6. Two entries will be created in ‘Entries’ pane as shown in the screen below.

image

19. Restart the portal.

To report this post you need to login first.

45 Comments

You must be Logged on to comment or reply to a post.

  1. Ricardo Fonseca
    Hi Aniket,
    I followed the steps in your article but I’m getting and error saying that it isn’t a trust certificate. When I open the certificate, there is no path to the root.
    I imported all intermediate certificates as you have mentioned.

    Have you ever seen something like this? I think that probably it’s an error in the certificate itself, that hasn’t the path, but I was wondering if I did some mistake or if there is anything else to configure…

    Thanks,

    Marcelo

    (0) 
    1. Aniket Tare Post author
      Hi Marcelo,

      Apologize for the delay. Was away from work.

      I am afraid I did not get this error.

      At what step do you get this error? If you are getting this error when trying to import the certificate signed by the authority then I believe the problem lies with the certificate.

      Also I hope you have maintained the correct sequence when importing.

      Regards,
      Aniket

      (0) 
      1. Raza Ali
        Ankit,
        it is useful blogs.
        Currently SAP Portal connected with SAP R/3 and ADS server and all are running on http protocol.

        Current requirement is to implement the Https in portal only. So can you please write me what is minimum settings are required to implement the https in portal.

        I implemented the same setting for Portal and ESS is working fine but in the case of MSS when i am clicking the “Edit Form” it is showing below Errors:

        The initial exception that caused the request to fail, was:

           java.net.ConnectException: Connection refused: connect

            at java.net.PlainSocketImpl.socketConnect(Native Method)
            at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
            at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
            at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
            at java.net.Socket.connect(Socket.java:461)
            … 47 more

        Can you please suggest me if i left any settings

        Regards
        Ali

        (0) 
        1. Aniket Tare Post author
          Hi Ali,

          If this error is coming for only the ‘Edit Form’ type application of MSS and not for other webdynpro applications in MSS, then I believe it has something to do with your ADS (Adobe Document Service).

          Where have you set up ADS? Is it on the same instance as the portal?

          I have not faced this problem before, but I suggest if ADS is set-up on a different instance, you try enabling HTTPS for ADS too and then change the destination URL in your portal accordingly.

          Regards,
          Aniket

          (0) 
  2. Ricardo Fonseca
    Hi Aniket,
    I followed the steps in your article but I’m getting and error saying that it isn’t a trust certificate. When I open the certificate, there is no path to the root.
    I imported all intermediate certificates as you have mentioned.

    Have you ever seen something like this? I think that probably it’s an error in the certificate itself, that hasn’t the path, but I was wondering if I did some mistake or if there is anything else to configure…

    Thanks,

    Marcelo

    (0) 
    1. Aniket Tare Post author
      Hi Marcelo,

      Apologize for the delay. Was away from work.

      I am afraid I did not get this error.

      At what step do you get this error? If you are getting this error when trying to import the certificate signed by the authority then I believe the problem lies with the certificate.

      Also I hope you have maintained the correct sequence when importing.

      Regards,
      Aniket

      (0) 
      1. Raza Ali
        Ankit,
        it is useful blogs.
        Currently SAP Portal connected with SAP R/3 and ADS server and all are running on http protocol.

        Current requirement is to implement the Https in portal only. So can you please write me what is minimum settings are required to implement the https in portal.

        I implemented the same setting for Portal and ESS is working fine but in the case of MSS when i am clicking the “Edit Form” it is showing below Errors:

        The initial exception that caused the request to fail, was:

           java.net.ConnectException: Connection refused: connect

            at java.net.PlainSocketImpl.socketConnect(Native Method)
            at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
            at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
            at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
            at java.net.Socket.connect(Socket.java:461)
            … 47 more

        Can you please suggest me if i left any settings

        Regards
        Ali

        (0) 
        1. Aniket Tare Post author
          Hi Ali,

          If this error is coming for only the ‘Edit Form’ type application of MSS and not for other webdynpro applications in MSS, then I believe it has something to do with your ADS (Adobe Document Service).

          Where have you set up ADS? Is it on the same instance as the portal?

          I have not faced this problem before, but I suggest if ADS is set-up on a different instance, you try enabling HTTPS for ADS too and then change the destination URL in your portal accordingly.

          Regards,
          Aniket

          (0) 
  3. Ricardo Fonseca
    Hi Aniket,
    I followed the steps in your article but I’m getting and error saying that it isn’t a trust certificate. When I open the certificate, there is no path to the root.
    I imported all intermediate certificates as you have mentioned.

    Have you ever seen something like this? I think that probably it’s an error in the certificate itself, that hasn’t the path, but I was wondering if I did some mistake or if there is anything else to configure…

    Thanks,

    Marcelo

    (0) 
    1. Aniket Tare Post author
      Hi Marcelo,

      Apologize for the delay. Was away from work.

      I am afraid I did not get this error.

      At what step do you get this error? If you are getting this error when trying to import the certificate signed by the authority then I believe the problem lies with the certificate.

      Also I hope you have maintained the correct sequence when importing.

      Regards,
      Aniket

      (0) 
      1. Raza Ali
        Ankit,
        it is useful blogs.
        Currently SAP Portal connected with SAP R/3 and ADS server and all are running on http protocol.

        Current requirement is to implement the Https in portal only. So can you please write me what is minimum settings are required to implement the https in portal.

        I implemented the same setting for Portal and ESS is working fine but in the case of MSS when i am clicking the “Edit Form” it is showing below Errors:

        The initial exception that caused the request to fail, was:

           java.net.ConnectException: Connection refused: connect

            at java.net.PlainSocketImpl.socketConnect(Native Method)
            at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
            at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
            at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
            at java.net.Socket.connect(Socket.java:461)
            … 47 more

        Can you please suggest me if i left any settings

        Regards
        Ali

        (0) 
        1. Aniket Tare Post author
          Hi Ali,

          If this error is coming for only the ‘Edit Form’ type application of MSS and not for other webdynpro applications in MSS, then I believe it has something to do with your ADS (Adobe Document Service).

          Where have you set up ADS? Is it on the same instance as the portal?

          I have not faced this problem before, but I suggest if ADS is set-up on a different instance, you try enabling HTTPS for ADS too and then change the destination URL in your portal accordingly.

          Regards,
          Aniket

          (0) 
  4. Gita Chhatri
    Nice blog… could you please explain, if my SSL is configured on the ABAP stack of my WAS, can I use it on the web services deployed on J2EE engine? How?
    (0) 
      1. Wolfgang Janzen
        The port range is not relevant – of course, one port / socket cannot be used by multiple processes (ABAP and Java AS). But that’s not relevant for SSL servers. What matters is the (FQDN) hostname. So, for a DualStack (where both stacks are deployed on the same machine) you could use the same SSL server certificate for both stacks. However, both stacks use separate keystores (Java: keystore, ABAP: PSE). The Java keystore management tool allows to perform a PKCS#12 export. Unfortenately the ABAP transaction STRUST does not provide the corresponding PKCS#12 import feature. But you could use the commandline tool sapgenpse to perform this action (as of SAPcryptolib PL 16, see SAP Note 745063).
        (0) 
      2. User Satyam
        I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
        for setting up SSL connection into SAP EP. I have 2 queries into this

        1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

        wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

        2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

        (0) 
  5. Gita Chhatri
    Nice blog… could you please explain, if my SSL is configured on the ABAP stack of my WAS, can I use it on the web services deployed on J2EE engine? How?
    (0) 
      1. Wolfgang Janzen
        The port range is not relevant – of course, one port / socket cannot be used by multiple processes (ABAP and Java AS). But that’s not relevant for SSL servers. What matters is the (FQDN) hostname. So, for a DualStack (where both stacks are deployed on the same machine) you could use the same SSL server certificate for both stacks. However, both stacks use separate keystores (Java: keystore, ABAP: PSE). The Java keystore management tool allows to perform a PKCS#12 export. Unfortenately the ABAP transaction STRUST does not provide the corresponding PKCS#12 import feature. But you could use the commandline tool sapgenpse to perform this action (as of SAPcryptolib PL 16, see SAP Note 745063).
        (0) 
      2. User Satyam
        I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
        for setting up SSL connection into SAP EP. I have 2 queries into this

        1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

        wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

        2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

        (0) 
  6. Gita Chhatri
    Nice blog… could you please explain, if my SSL is configured on the ABAP stack of my WAS, can I use it on the web services deployed on J2EE engine? How?
    (0) 
      1. Wolfgang Janzen
        The port range is not relevant – of course, one port / socket cannot be used by multiple processes (ABAP and Java AS). But that’s not relevant for SSL servers. What matters is the (FQDN) hostname. So, for a DualStack (where both stacks are deployed on the same machine) you could use the same SSL server certificate for both stacks. However, both stacks use separate keystores (Java: keystore, ABAP: PSE). The Java keystore management tool allows to perform a PKCS#12 export. Unfortenately the ABAP transaction STRUST does not provide the corresponding PKCS#12 import feature. But you could use the commandline tool sapgenpse to perform this action (as of SAPcryptolib PL 16, see SAP Note 745063).
        (0) 
      2. User Satyam
        I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
        for setting up SSL connection into SAP EP. I have 2 queries into this

        1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

        wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

        2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

        (0) 
  7. Nelson Raj
    I followed all the steps exactly as mentioned. The certificate installation process is successful, however the point where you assign the Key pair to the server, there is a discrepancy. I am able to select the port in case of active sockets only, not in case of new sockets. Is this OK? When is it required to have an entry for new sockets? What could be the problem?
    (0) 
  8. Nelson Raj
    I followed all the steps exactly as mentioned. The certificate installation process is successful, however the point where you assign the Key pair to the server, there is a discrepancy. I am able to select the port in case of active sockets only, not in case of new sockets. Is this OK? When is it required to have an entry for new sockets? What could be the problem?
    (0) 
  9. Nelson Raj
    I followed all the steps exactly as mentioned. The certificate installation process is successful, however the point where you assign the Key pair to the server, there is a discrepancy. I am able to select the port in case of active sockets only, not in case of new sockets. Is this OK? When is it required to have an entry for new sockets? What could be the problem?
    (0) 
  10. Wolfgang Janzen
    To me it looks wrong to perform the “load” operation (as described in step 10) since that might overwrite (and therefore destroy) the private key entry of the keystore.
    (0) 
  11. Wolfgang Janzen
    To me it looks wrong to perform the “load” operation (as described in step 10) since that might overwrite (and therefore destroy) the private key entry of the keystore.
    (0) 
  12. Wolfgang Janzen
    To me it looks wrong to perform the “load” operation (as described in step 10) since that might overwrite (and therefore destroy) the private key entry of the keystore.
    (0) 
  13. Domenico Petronella
    hi at all,
    to me, it looks that the instructions provided in step 10 are not correct.
    It seems it overwrites the private key entry (by performing the “load” operation). Instead, you should have imported the CSR Response (pressing the button “Import CSR Response”).

    It’s right?
    Domenico.

    (0) 
  14. Domenico Petronella
    hi at all,
    to me, it looks that the instructions provided in step 10 are not correct.
    It seems it overwrites the private key entry (by performing the “load” operation). Instead, you should have imported the CSR Response (pressing the button “Import CSR Response”).

    It’s right?
    Domenico.

    (0) 
  15. Domenico Petronella
    hi at all,
    to me, it looks that the instructions provided in step 10 are not correct.
    It seems it overwrites the private key entry (by performing the “load” operation). Instead, you should have imported the CSR Response (pressing the button “Import CSR Response”).

    It’s right?
    Domenico.

    (0) 
  16. Sean Morgan
    In your step 12, I believe you need to select the Trusted CAs view first. It’s only the final signed cert that appears in the server view.
    (0) 
    1. User Satyam
      I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
      for setting up SSL connection into SAP EP. I have 2 queries into this

      1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

      wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

      2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

      (0) 
  17. Sean Morgan
    In your step 12, I believe you need to select the Trusted CAs view first. It’s only the final signed cert that appears in the server view.
    (0) 
    1. User Satyam
      I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
      for setting up SSL connection into SAP EP. I have 2 queries into this

      1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

      wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

      2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

      (0) 
  18. Sean Morgan
    In your step 12, I believe you need to select the Trusted CAs view first. It’s only the final signed cert that appears in the server view.
    (0) 
    1. User Satyam
      I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
      for setting up SSL connection into SAP EP. I have 2 queries into this

      1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

      wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

      2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

      (0) 
  19. User Satyam
    I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
    for setting up SSL connection into SAP EP. I have 2 queries into this

    1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

    wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

    2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

    (0) 
  20. User Satyam
    I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
    for setting up SSL connection into SAP EP. I have 2 queries into this

    1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

    wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

    2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

    (0) 
  21. User Satyam
    I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
    for setting up SSL connection into SAP EP. I have 2 queries into this

    1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

    wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

    2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

    (0) 

Leave a Reply