Use of SHA-2 algorithm family in SSL PSEs, part 2
This is the sequel of my first blog, presenting a new UI interface available for SAP Web Dispatcher.
In order to use the PSE Management in Web Administration Interface of SAP Web Dispatcher, it necessary to use version 7.42 of the load balancer, as of patch level 22.
It is necessary that the user ID used for the administration has Admin rights (set the “admin” group while creating the user ID):
2. Initial view
By starting the Web Dispatcher Administration page, the left hand menu presents the PSE Management link:
If the PSEs are already created in the $SECUDIR directory, the following screen is displayed:
In the example above, note that there is one certificate in the PKList.
By clicking in the “Recreate PSE” button, the PSE will be recreated, thus you can use one algorithm from the SHA-2 family.
3. Recreating the PSE
The Distinguished Name needs to be informed, using in the Common Name the FQDN of the Web Dispatcher.
In the Algorithm dropdown box, it is possible select the SHA-2 algorithm:
It is also possible to select the key length (usually higher than 1024 bits, as CAs are no longer signing CSRs with 1024 bits) and a PIN.
Since this is a new PSE, it is necessary to create a CSR and submit to a CA, once it current PSE has a self-signed certificate (validity until 2038):
It is also necessary to import additional certificates, as the PKList is now empty.
After creating the CSR, it is possible to read its content (using a third party tool) and see:
Version: 0 (0x0)
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
The Signature Algorithm shows the use of sha256, as selected during the PSE creation.
4. Reference Documents
- 2009483 – PSE Management in Web Administration Interface of SAP Web Dispatcher
- 2009878 – Purpose of the PSE Files in PSE Management of SAP Web Dispatcher
- 2014996 – SSL Setup SAP Web Dispatcher
- Using the Web Administration Interface
- SAP Web Dispatcher Wiki page
very nice blog,helpful.
Really nice blog but can you give me SAP note where show which SWD version do you need according to your SAP version?
Could you clarify about the SAP version you use? You should be able to use the most recent CommonCryptoLib and be able to use SHA-2 algorithms.