Dividing CA certificate and installing SSL in Webdispatcher
***Happy to compose my first blog post***
I personally tried installing the SSL certificate in the web dispatcher from the web administration page by following this – https://wiki.scn.sap.com/wiki/display/SI/Managing+PSE+files+at+the+Web+Dispatcher
Despite following the steps described in this note – 2542858, I failed to fix the error mentioned in it
Hence tried importing the certificate from the OS level and got it fixed, here we are the details:
You have generated the CSR response and got the signed certificates from CA to import in web dispatcher
Opening the received certificate looks like the below:
Here there are 2 parts of the certificate as shown above:
1. DigiCert – root certificate
2. RapidSSL RSA CA 2018 – intermediate certificate
Lets see how to generate these two as we need them while importing the SSL
Generating the root certificate:
To generate the root certificate, highlight the DigiCert, Click on view Certificate, Go to details and copy to file:
Proceed with the dialogue box by selecting the below option:
Input the certificate as root.cer(Digicert) and export it to be desired location
Generating the intermediate certificate:
Repeat the same steps by selecting the RapidSSL for generating the intermediate certificate and export it as intermediate.cer to the location where the root.cer was saved
Now we have all the certificates in place:
Importing the certificates into OS level:
Login to the OS level and copy the above generated certificates into the sec directory of the web dispatcher:
Set the secudir environment variable if not already set and execute the below command:
sapgenpse import_own_cert -p SAPSSLS.pse -c *****.cer -r root.cer -r intermediate.cer
The above command will import the signed CA response into the SAPSSLS.pse
Restart the Webdispatcher instance and access the Web dispatcher URL to view the secured certificate:
Now the respective URL will have no red security errors and with clean valid SSL certificate
It depends on whether you have used the Web Dispatcher itself (e.g., through its web admin UI) to generate the CSR or nor.
In your case, it seems that you have not created the CSR from the Web Dispatcher itself.
For this situation, there is the SAP KBA 2148457 - How to convert the keypair of a PKCS#12 / PFX container into a PSE file (S-user required).
In summary, it suggests doing what you did :-).