Skip to Content
Technical Articles
Author's profile photo Mahesh L

Dividing CA certificate and installing SSL in Webdispatcher

***Happy to compose my first blog post***



I personally tried installing the SSL certificate in the web dispatcher from the web administration page by following this –

Despite following the steps described in this note – 2542858, I failed to fix the error mentioned in it

Hence tried importing the certificate from the OS level and got it fixed, here we are the details:


WD 7.73



You have generated the CSR response and got the signed certificates from CA to import in web dispatcher



Opening the received certificate looks like the below:

Here there are 2 parts of the certificate as shown above:

1. DigiCert – root certificate

2. RapidSSL RSA CA 2018 – intermediate certificate

Lets see how to generate these two as we need them while importing the SSL


Generating the root certificate:

To generate the root certificate, highlight the DigiCert, Click on view Certificate, Go to details and copy to file:


Proceed with the dialogue box by selecting the below option:


Input the certificate as root.cer(Digicert) and export it to be desired location


Generating the intermediate certificate:

Repeat the same steps by selecting the RapidSSL for generating the intermediate certificate and export it as intermediate.cer to the location where the root.cer was saved


Now we have all the certificates in place:


Importing the certificates into OS level:

Login to the OS level and copy the above generated certificates into the sec directory of the web dispatcher:


Set the secudir environment variable if not already set and execute the below command:

sapgenpse import_own_cert -p SAPSSLS.pse -c *****.cer -r root.cer -r intermediate.cer

The above command will import the signed CA response into the SAPSSLS.pse

Restart the Webdispatcher instance and access the Web dispatcher URL to view the secured certificate:



Now the respective URL will have no red security errors and with clean valid SSL certificate

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Isaias Freitas
      Isaias Freitas

      Hello Mahesh,

      It depends on whether you have used the Web Dispatcher itself (e.g., through its web admin UI) to generate the CSR or nor.

      In your case, it seems that you have not created the CSR from the Web Dispatcher itself.

      For this situation, there is the SAP KBA 2148457 - How to convert the keypair of a PKCS#12 / PFX container into a PSE file (S-user required).

      In summary, it suggests doing what you did :-).