This document provides installation instructions for SAP Web Dispatcher. If unable to use these instructions for your server, Symantec recommends to contact the server vendor or an organization which supports SAP.
Step 1. Download the Symantec intermediate CA and root certificate
NOTE: To check which certificate type you have purchased, follow the steps from this link.
- Download the appropriate Root CA Certificate under Managed PKI for SSL section from this link.
- Download the Intermediate CA certificate from this link.
- Select the Managed PKI for SSL tab.
- Select the appropriate Intermediate CA certificate based on your SSL certificate product type.
- Copy the Intermediate CA certificate and paste it on a Notepad or Vi document.
- Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters
have been inadvertently added.
- Copy the Root CA and paste is right after the Intermediate CA in the Notepad or Vi document.
- Save the file as CAcert.pem
Step 2. Obtain the SSL Certificate
- Once your Managed PKI for SSL administrator has approved the certificate request, you will receive an email with
a certificate download link, also attached (cert.cer), as well as in the body of the email itself.
- If copying the certificate imbedded in the body of the email, paste it into a text file using Vi or Notepad.
NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
Confirm that there are no extra lines or spaces in the file.
The text file should look like:
NOTE: Click here for steps download the certificate from your Managed PKI for SSL subscriber services page.
Please select X.509 as a certificate format and copy only the End Entity Certificate.
- Save the as SSL.pem
Step 3. Install the SSL certificate
To install the SSL certificate on a SAP Web Dispatcher, follow either one of the following methods.
Method 1: Install the SSL certificate using the Trust Manager
- If the certificate request dialog is still open, then close it.
- If the SAP Web Dispatcher’s PSE is not loaded in the PSE maintenance section, then load it by selecting the File node with a double-click and selecting the PSE from the file system.
- In the PSE maintenance section, choose Import Cert. Response. The dialog for the certificate response appears.
- Insert the contents of the certificate request response into the dialog’s text box either using Copy&Paste or by loading the file from the file system.
- The signed public-key certificate is imported into the SAP Web Dispatcher’s PSE, which is displayed in the PSE maintenance section.
- You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
- Create a PIN for the PSE.
NOTE: It is recommended using a PIN to protect the PSE, especially if the SAP Web Dispatcher is located in your demilitarized zone.
- Save the data in the Trust Manager.
- You are prompted for the location to which to save the PSE. Replace the PSE that you created earlier.
- If you saved the PSE to a local file on the application server, then copy it to the SECUDIR directory on the SAP Web Dispatcher.
Method 2: Install the SSL Certificate Using SAPGENPSE
- Use configuration tool sapgenpse to import the certificate request response into the PSEs.
- Run the following command:
Example: sapgenpse import_own_cert <Additional_options> -p <PSE_file> -c <Cert_file> -r <RootCA_cert_file> -x <PIN>
-p <PSE_Name> Path and file name of the PSE. The path is the SECUDIR directory and the file name is SAPSSLS.pse.
for the SSL server PSE or SAPSSLC.pse for the SSL client PSE (if it exists). Path description (in quotation marks, if spaces exist)
-c <Cert_file> Path and file name of the certificate request response. Path description (in quotation marks, if spaces exist)
-r <RootCA_cert_file> File containing both the Root CA certificate and the Intermediate CA certificate. The Intermediate CA
certificate is to be first followed by the Root CA certificate. Path description (in quotation marks, if spaces exist)
-x <PIN> PIN that protects the PSE Character string
- Verify the certificate installation with the Symantec Installation Checker
For more information, refer to SAP Web Dispatcher documentation.