Skip to Content

Tips for renewing SSL Certs on the Web Dispatcher

Hey out there!  Our internal SSL certs expire every 2 years, so I recently  had to go through the steps to quickly renew them in our web dispatcher(s).

I’d like to share that information here to serve as quick reference for others!

Our OS:

AIX 6.1

Our Web Disp Version:

Web Administration Version 7.21.0, Thu Oct 03 14:45:51 CET 2013

SAP Web Dispatcher Version 7.21.0, multithreaded, ASCII, 64 BIT

kernel information
system name WXX
kernel release 721
database library
compiled on AIX 1 6 00CFADC14C00
compiled time Oct 18 2014 21:47:28
update level 0
patch number 330
source id 0.330


As WXXADM, in the $SECUDIR directory:

./sapgenpse gen_pse -p SAPSSLS.pse -onlyreq -r WXX.req

./sapgenpse gen_pse -p SAPSSLC.pse -onlyreq -r WXXsslc.req

This exports the request

FTP the files to your PC. Now goto CRL, sign new P7B for each(save the files as WXXcertnew2015.p7b and WXXsslc-certnew2015.p7b) .  FTP back to to $SECUDIR

./sapgenpse import_own_cert -p SAPSSLS.pse -c WXXcertnew2015.p7b

./sapgenpse import_own_cert -p SAPSSLC.pse -c WXXsslc-certnew2015.p7b

This imports the signed certs

./sapgenpse seclogin -p SAPSSLS.pse -O wxxadm

./sapgenpse seclogin -p SAPSSLC.pse -O wxxadm

This generates new cred_v2 files for the user (if prompted for a PIN,enter it)


You must restart the web dispatcher before it’ll read the new certs

Now hit your back-end ECC/CRM/BW (whatever) system using the HTTPs port on your webdispatcher.

check cert to see if signed for another 2 years!

Hope that helps!


You must be Logged on to comment or reply to a post.