This document provides instructions for installing an SSL certificate on SAP Web Dispatcher.
Step 1: Download the Root CA Certificate
- Download the Root CA certificate from solution id: SO4785
NOTE: The Root CA certificate file can be saved with a .cer extension (e.g. RootCA.cer).
- Copy the Root CA certificate file onto the server where you will install the certificate.
Step 2. Download the SSL Certificate & Intermediate CA Certificate
- Download your certificate from the unique secure link we provide to your technical contact in the order fulfillment email.
- The ZIP file you downloaded contains the following certificates:
  - SSL certificate (i.e. ssl_certificate.cer, also known as end entity certificate, public key certificate, digital certificate or identity certificate).
  - Intermediate CA certificate (i.e. IntermediateCA.cer, also known as chained certificate or signer/issuer of the SSL certificate).
- Unzip the files onto the server where you will install the certificate.
Step 3. Install the SSL Certificate
To install an SSL certificate on a SAP Web Dispatcher, use one of the following methods:
Method 1. Install the SSL Certificate using the Trust Manager
- If the certificate request dialog is still open, then close it.
- If the SAP Web Dispatcher’s PSE is not loaded in the PSE maintenance section, then load it by selecting the File node with a double-click and selecting the PSE from the file system.
- In the PSE maintenance section, choose Import Cert. Response. The dialog for the certificate response appears.
- Insert the contents of the certificate request response into the dialog’s text box, either by copying and pasting or by loading the file from the file system.
- The signed public-key certificate (i.e. ssl_certificate.cer, as described in Step 2) is imported into the SAP Web Dispatcher’s PSE, which is displayed in the PSE maintenance section.
- You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
- Create a PIN for the PSE.
NOTE: Using a PIN to protect the PSE is recommended, especially if the SAP Web Dispatcher is located in your demilitarized zone.
- Save the data in the trust manager.
- When you are prompted for the location in which to save the PSE, replace the PSE that you created earlier.
- If you saved the PSE to a local file on the application server, then copy it to the SECUDIR directory on the SAP Web Dispatcher.
Method 2. Install the SSL Certificate using SAPGENPSE
- Use the sapgenpse configuration tool to import the certificate request response into the PSEs.
- Run the following command:
Example: sapgenpse import_own_cert <Additional_options> -p <PSE_file> -c <Cert_file> -r <RootCA_cert_file> -x <PIN>
-p <PSE_file>: Path and file name of the PSE. The path is the SECUDIR directory, and the file name is SAPSSLS.pse for the SSL server PSE or SAPSSLC.pse for the SSL client PSE (if it exists). Enclose the path in quotation marks if it contains spaces.
-c <Cert_file>: Path and file name of the certificate request response. Enclose the path in quotation marks if it contains spaces.
-r <RootCA_cert_file>: File containing both the Root CA certificate and the Intermediate CA certificate, with the Intermediate CA certificate first, followed by the Root CA certificate. Enclose the path in quotation marks if it contains spaces. To create this file, open Notepad and paste the Intermediate CA certificate (i.e. IntermediateCA.cer, as described in Step 2) and the Root CA certificate (i.e. RootCA.cer, as described in Step 1) in that order.
-x <PIN>: PIN that protects the PSE (character string).
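The -r file described above can also be assembled with a script instead of Notepad; the following is an added example, not part of the original instructions. It assumes both downloads are PEM (Base64 text) files; the function names and the output name chain.cer are hypothetical, and the optional issued_by check needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: build the file passed to "sapgenpse import_own_cert -r".
# Function names and the output name chain.cer are hypothetical.

# is_single_pem FILE: succeed only if FILE holds exactly one PEM certificate.
# A .cer file may instead be binary DER, which cannot simply be concatenated.
is_single_pem() {
    [ -r "$1" ] || return 1
    begin=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true)
    end=$(grep -c -e '^-----END CERTIFICATE-----' "$1" || true)
    [ "$begin" -eq 1 ] && [ "$end" -eq 1 ]
}

# pem_body FILE: print only the certificate block, dropping Windows CRs and
# always ending the END line with a newline so two blocks never run together.
pem_body() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /^-----END CERTIFICATE-----/ { p = 0 }' "$1"
}

# build_chain INTERMEDIATE ROOT OUT: Intermediate CA first, then Root CA.
build_chain() {
    for f in "$1" "$2"; do
        is_single_pem "$f" || { echo "not a single PEM certificate: $f" >&2; return 1; }
    done
    { pem_body "$1"; pem_body "$2"; } > "$3"
}

# issued_by CHILD PARENT: succeed if CHILD's issuer name equals PARENT's
# subject name. Needs the openssl CLI; compares names, not signatures.
issued_by() {
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$2" -noout -subject | sed 's/^subject= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Usage with the file names from Steps 1 and 2:
#   build_chain IntermediateCA.cer RootCA.cer chain.cer
#   issued_by ssl_certificate.cer IntermediateCA.cer && issued_by IntermediateCA.cer RootCA.cer
```

Pass the resulting chain.cer as the -r argument. If build_chain rejects a file, the download is probably DER-encoded and must be converted to PEM first.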
If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports SAP Web Dispatcher.
Step 5: Verify certificate installation
- Verify your installation with the DigiCert Installation Checker.
For more information, see the SAP Support website.