Skip to Content
Technical Articles
Author's profile photo Nikola Simeonov

Creating a Key Pair and Public-Key Certificate with Subject Alternative Name (SAN)

The following enhancements are planned to be released for SAP NW 7.5 SPS 25. Please review the procedure to check if it complies with your expectations.

Procedure

  1. Open the Key Storage Content tab.
  2. Select the view for which you want to create a key pair and certificate from the Key Storage Views.
  3. In the View Entries tab, choose Create.

    The New Entry dialog appears.

  4. In Step 1, define the basic settings of the new entry.
    1. In the Entry Name field, specify a name for the certificate.
    2. Select the certificate algorithm in Algorithm, for example, RSA (Rivest, Shamir, Adleman) or DSA (Digital Signature Algorithm).
    3. Choose the certificate key length in Key Length.
    4. Specify the certificate validity period in the Valid From and Valid To fields.

      Enter the values using the format mm/dd/yyyy.

    5. If you want to have a copy of the new certificate as a separate keystore entry next to the new key pair in the key storage, select Store Certificate.

    Choose Next.

  5. In Step 2, specify the properties of the Subject field for the certificate. If no property has value, the Subject Alternative Name extension will be denoted as critical.

    Choose Next.

  6. In Step 3, specify the properties of the Subject Alternative Name extension of the certificate. If at least one property of the Subject has a value, the Subject Alternative Name extension will be denoted as non-critical.
    • Add the directory name properties. You can also use the Move Up and Move Down buttons to sort the properties.
    • Add all other subject alternative name properties and choose Next.

  7. In Step 4, sign the new entry with a key pair and choose the signature hashing algorithm for the certificate. This step is optional.

    If you want to specify a Certification Authority (CA) key pair, choose Select Issuer Key Pair and select the view from which to specify the CA key pair.

    If you create a self-signed certificate, then specify hashing algorithm for the certificate signature in the Signature Hashing Algorithm menu. If you specify a signing CA , the hashing algorithm will be used from the CA certificate.

    Choose Next.

  8. In Step 5, preview your settings.

    To create the new entry, choose Finish.

Result

A progress bar indicates the generation of the key pair and certificate. Once generated, they are displayed on the View Entries list.

Your Feedback

Your feedback on this configuration is appreciated. Please tell us if:

  • You can intuitively use this functionality, and what we can improve on its usability.
  • The newly added SAN support for the certificate generation solves your previous issues.
  • You need other certificate generation features that will improve your daily work.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.