Skip to Content

Hey out there!  Our internal SSL certs expire every 2 years, so I recently  had to go through the steps to quickly renew them in our web dispatcher(s).

I’d like to share that information here to serve as quick reference for others!

Our OS:

AIX 6.1

Our Web Disp Version:

Web Administration Version 7.21.0, Thu Oct 03 14:45:51 CET 2013

SAP Web Dispatcher Version 7.21.0, multithreaded, ASCII, 64 BIT

kernel information
system name WXX
kernel release 721
database library
compiled on AIX 1 6 00CFADC14C00
compiled time Oct 18 2014 21:47:28
update level 0
patch number 330
source id 0.330

Commands:

As WXXADM, in the $SECUDIR directory:

./sapgenpse gen_pse -p SAPSSLS.pse -onlyreq -r WXX.req

./sapgenpse gen_pse -p SAPSSLC.pse -onlyreq -r WXXsslc.req

This exports the request


FTP the files to your PC. Now goto CRL, sign new P7B for each(save the files as WXXcertnew2015.p7b and WXXsslc-certnew2015.p7b) .  FTP back to to $SECUDIR

./sapgenpse import_own_cert -p SAPSSLS.pse -c WXXcertnew2015.p7b

./sapgenpse import_own_cert -p SAPSSLC.pse -c WXXsslc-certnew2015.p7b

This imports the signed certs

./sapgenpse seclogin -p SAPSSLS.pse -O wxxadm

./sapgenpse seclogin -p SAPSSLC.pse -O wxxadm

This generates new cred_v2 files for the user (if prompted for a PIN,enter it)

STOP and START the WEB DISPATHER

You must restart the web dispatcher before it’ll read the new certs

Now hit your back-end ECC/CRM/BW (whatever) system using the HTTPs port on your webdispatcher.

check cert to see if signed for another 2 years!


Hope that helps!

NICK


To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Cristiano Hansen

    Hi Nick,

    Good post. In the new Web Dispatcher, with the web administration tool, it is possible to manage certificates without using sapgenpse directly.

    Cheers,

    Cris

    (0) 

Leave a Reply