This document provides instructions for generating a Certificate Signing Request (CSR) for SAP Web Application Server. If you are unable to use these instructions for your server, Symantec recommends that you contact SAP.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
NOTE: You must generate an individual certificate request for each application server that uses a server-specific PSE. If you use a system-wide SSL server PSE, then you only need to generate a single certificate request.
To determine each unique SSL server PSE, expand the SSL server PSE node in the trust manager and select each application server with a double-click. The server's Distinguished Name appears in the Owner field.
For each application server with a unique Distinguished Name, you must generate a certificate request.
To generate a Key Pair and Certificate Signing Request, perform the steps bellow:
- Open the Trust Manager
- Expand the SSL server PSE node.
- For each unique SSL server PSE (each server-specific PSE or a single system-wide PSE) select the application server.
The application server's certificate appears in the PSE maintenance section in the Owner field.
- Fill out the required CSR information:
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
- Locality or City (L): The Locality field is the city or town name
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.symantec.com" or "symantec.com".
NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "symantec.com" will receive a warning if accessing a site named "www.symantec.com" or "secure.symantec.com", because "www.symantec.com" and "secure.symantec.com" are different from "symantec.com".
- In the PSE maintenance section, choose Create Certificate Request. A dialog appears showing the certificate request.
- Select the content of the request and copy it to your clipboard. Choose Copy or save the certificate request to a file (<file_name>.P10) using Save as local file.
- Verify your CSR
- Copy and paste the CSR in the enrollment form when required
Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO6572
For more infromation refer to SAP Support