When I am in Projects I see often that People do not understand how certificates work,

However this is easy to answer…

A Protocol like https, ldaps or what ever need certificates to work secure as the encryption is

based on the them. You can have selfsigned certificates (normal case when you have just installed a Netweaver System)

or CA signed certificates. Using self signed certificates in a Project can make a lot of effort, use a CA when ever possible.

But why there are certificate errors?

Once the communication starts the Caller check the following things in the Certificate he received:

1. Do I know the Issuer of the certificate?

2. Is the certificate in a valid time window.

3. Is the CN exactly that what was called

How to check whats wrong with the Certificate?

1. Do I know the Issuer of the certificate?

Check the certificate:

CA Certificate_1.png

If  you don’t trust this CA or self signed certificate it looks like this:

CA Certificate_3.png

Read and execute 😕

To Trust the certificate import it:

CA Certificate_2.png

CA Certificate_1.png

CA Certificate_1.png

CA Certificate_1.png

CA Certificate_2.png

Now you trust the Certificates from this Issuer.

If you still receive Errors check the next Question:

2. Is the certificate in a valid time window.

After some time Certificates are on their EOL. ^

You can check easily by looking into the Valid from – to Property

CA Certificate_3.png

The most common problem come from different CNs what bring us to the last question:

3. Is the CN exactly that what was called

Each Certificate have a CN Which you can see in the Issued to Property:

CA Certificate_3.png

Assuming this certificate is issued to CN=hostname.domain.local, ensure that you exactly call this within your application,

otherwise it will fail.

Often in Projects is that someone calls https://hostname:port/application instead of https://hostname.domain.local:port/application

and then is blaming about certificate errors 😎

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply