Ask a Question

Advanced Search

Solution ID : SO22348

Last Modified : 05/31/2019

Certificate Signing Request (CSR) Generation Instructions for SAP Web Application Server


This document provides instructions for generating a Certificate Signing Request (CSR) for SAP Web Application Server. If you are unable to use these instructions for your server, DigiCert recommends that you contact SAP.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

NOTE: You must generate an individual certificate request for each application server that uses a server-specific PSE. If you use a system-wide SSL server PSE, then you only need to generate a single certificate request.
To determine each unique SSL server PSE, expand the SSL server PSE node in the trust manager and select each application server with a double-click. The server's Distinguished Name appears in the Owner field.
For each application server with a unique Distinguished Name, you must generate a certificate request.

To generate a Key Pair and Certificate Signing Request, perform the steps bellow:

  1. Open the Trust Manager
  2. Expand the SSL server PSE node.
  3. For each unique SSL server PSE (each server-specific PSE or a single system-wide PSE) select the application server.
    The application server's certificate appears in the PSE maintenance section in the Owner field.
  4. Fill out the required CSR information:
    • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
    • Locality or City (L): The Locality field is the city or town name
    • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. 
    • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    • Common Name (CN): The Common Name is the Host + Domain Name. It looks like "" or "".
      NOTE: DigiCert certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "" will receive a warning if accessing a site named "" or "", because "" and "" are different from "".
  5. In the PSE maintenance section, choose Create Certificate Request. A dialog appears showing the certificate request.
  6. Select the content of the request and copy it to your clipboard. Choose Copy or save the certificate request to a file (<file_name>.P10) using Save as local file.
  7. Verify your CSR
  8. Copy and paste the CSR in the enrollment form when required

Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO6572

SAP Support

        For more infromation refer to SAP Support