We can use report SSF_ALERT_CERTEXPIRE to check for expired certificates in PSEs (or certificates that are about to expire):

/wp-content/uploads/2015/10/001_817053.jpg

The expected message is an email containing the PSE name that needs to be analyzed:

/wp-content/uploads/2015/10/002_817054.jpg

It is possible that, given a configuration issue, the actual message is not valid:

/wp-content/uploads/2015/10/003_817058.jpg

This can be resolved by using transaction code ALRTCATDEF.

After double clicking “Security-Relevant Alerts”, the properties present “Expiry of Certificates (SNC, SSF, SSL…)”.

The messages are defined in tab “Long and Short Text”:

/wp-content/uploads/2015/10/004_817059.jpg

If there are red lights in “Short Text (SMS, Pager)” and “Long Text (E-Mail, Fax)”, then this is the reason for the incorrect message.

It is necessary to edit it (clicking “Display/Change” button in the toolbar), adding:

“…

Certificate expires in &DAYS& in system &SYS& (PSE type > &PSE&)

…”

for the first (short text):

/wp-content/uploads/2015/10/005_817060.jpg

And:

“…

The system determined that a certificate of PSE type >&PSE&<(administered by system &SYS&) expires in &DAYS&.

You must extend or renew this certificate immediately.

Run the report SSF_ALERT_CERTEXPIRE. This report produces a list of all installed certificates, together with their expiration dates.

Alternatively, call transaction STRUST. The message displayed contains the PSE type (a node) in which you can find the certificate in question.

…”

for the second (long text):

/wp-content/uploads/2015/10/006_817061.jpg

The issue is resolved.


References


SAP note 572035 – Warning about expired security certificates

SAP note 588297 –  Warnings about security certificates in the system logs



To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply