Cristiano Hansen

Use of SHA-2 algorithm family in SSL PSEs, part 2

This is the sequel to my first blog post, presenting a new user interface available for SAP Web Dispatcher.


1. Prerequisites

In order to use the PSE Management in the Web Administration Interface of SAP Web Dispatcher, it is necessary to use version 7.42 of the load balancer, as of patch level 22.

It is necessary that the user ID used for the administration has Admin rights (set the “admin” group while creating the user ID):

[Screenshot: WDP 05.jpg]

2. Initial view

When you open the Web Dispatcher Administration page, the left-hand menu shows the PSE Management link:

[Screenshot: WDP 01.jpg]


If the PSEs are already created in the $SECUDIR directory, the following screen is displayed:

[Screenshot: WDP 02.jpg]


In the example above, note that there is one certificate in the PKList.


Clicking the “Recreate PSE” button recreates the PSE, which lets you choose an algorithm from the SHA-2 family.


3. Recreating the PSE

The Distinguished Name must be entered, with the FQDN of the Web Dispatcher as the Common Name.


In the Algorithm dropdown box, it is possible to select the SHA-2 algorithm:

[Screenshot: WDP 03.jpg]


It is also possible to select the key length (usually higher than 1024 bits, as CAs no longer sign CSRs with 1024-bit keys) and a PIN.


Since this is a new PSE, it is necessary to create a CSR and submit it to a CA, because the current PSE has a self-signed certificate (valid until 2038):

[Screenshot: WDP 04.jpg]


It is also necessary to import additional certificates, as the PKList is now empty.


After creating the CSR, it is possible to read its content (using a third party tool) and see:

“…
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
…”

The Signature Algorithm shows the use of sha256, as selected during the PSE creation.
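The manual check above can be automated. The Python code below is an added example, not part of the original post or of any SAP tooling: it reads a textual CSR dump in the layout shown and reports whether the signature hash belongs to the SHA-2 family, whether it matches the algorithm selected during PSE creation, and whether the key is longer than 1024 bits. The function name `audit_csr_dump`, the `expected_hash` parameter and the sample dump are assumptions made for illustration.

```python
import re

SHA2_HASHES = {"sha224", "sha256", "sha384", "sha512"}
WEAK_KEY_BITS = 1024  # per the post, CAs no longer sign CSRs with 1024-bit keys

# Constructed sample in the layout of the dump above; subject and modulus elided.
SAMPLE_DUMP = """\
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
"""

def audit_csr_dump(text, expected_hash="sha256"):
    """Return (signature_hash, key_bits, findings) for a textual CSR dump."""
    findings = []
    sig = re.search(r"^\s*Signature Algorithm:\s*(\S+)", text, re.M)
    bits = re.search(r"Public-Key:\s*\((\d+)\s*bit\)", text)
    sig_hash = None
    if sig is None:
        findings.append("no Signature Algorithm line found")
    else:
        # Names look like sha256WithRSAEncryption, sha1WithRSAEncryption, ecdsa-with-SHA256
        m = re.search(r"(sha\d+|md\d)", sig.group(1), re.I)
        sig_hash = m.group(1).lower() if m else None
        if sig_hash is None:
            findings.append(f"cannot tell the hash from {sig.group(1)}")
        elif sig_hash not in SHA2_HASHES:
            findings.append(f"signature hash {sig_hash} is not in the SHA-2 family")
        elif sig_hash != expected_hash:
            findings.append(f"signed with {sig_hash}, but {expected_hash} was selected")
    key_bits = int(bits.group(1)) if bits else None
    if key_bits is None:
        findings.append("no Public-Key size found")
    elif key_bits <= WEAK_KEY_BITS:
        findings.append(f"{key_bits}-bit key is too short for most CAs")
    return sig_hash, key_bits, findings

if __name__ == "__main__":
    print(audit_csr_dump(SAMPLE_DUMP))
```

An empty findings list means the CSR matches what was chosen in the Recreate PSE dialog; any entry is a reason to recreate the PSE before submitting the request to the CA.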

4. Reference Documents


      4 Comments
      Former Member

      Hi Cris,

      Very nice blog, helpful.

      Former Member

      Hello Chris,

      Really nice blog, but can you give me the SAP note that shows which SWD version you need according to your SAP version?

      Cristiano Hansen
      Blog Post Author

      Hello,

      Could you clarify about the SAP version you use? You should be able to use the most recent CommonCryptoLib and be able to use SHA-2 algorithms.

      Thanks,

      Cris

      Former Member

      Hello,

      ECC6.