Show TOC

Procedure documentationSending the Certificate Requests to a CA Locate this document in the navigation structure

 

After you have generated a key pair and certificate request for each PSE, send the certificate requests to a CA to be signed. The response from the CA is a signed public-key certificate for the server to use to identify itself when it is using the designated PSE.

Prerequisites

You can send the certificate requests to the CA of your choice, for example, the SAP CA. When requesting the certificate, note that the corresponding certificate request response from the CA must be available in one of the following formats:

  • PKCS#7 certificate chain format

    In this case, the issuing CA provides the certificate request response in the necessary format. For example, the SAP CA provides the response in this format, or you can request this format from your CA.

  • PEM format

    In this case, the certificate request response from your CA contains only the signed public-key certificate. In this case, you must also have access to the CA's root certificate. If you are using the trust manager, then this root certificate must exist in the database. If you are using sapgenpse, then it must exist as a file in the file system.

Procedure

For each certificate request that you created, send the contents of the certificate request to your CA.

The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAP Trust Center Service at http://service.sap.com/tcs.

Note Note

To view the contents of the certificate, open the certificate request with a text editor. Because many editors use hidden characters for formatting, use a text editor that does not support formatting features, for example, Notepad. If carriage returns or line feeds have been corrupted during download, then correct these errors.

End of the note.

Note Note

The example below shows a correct certificate request.

-----BEGIN CERTIFICATE REQUEST-----

MIIBkzCCAVICAQAwWjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE215U0FQLmNvbS

BXb3JrcGxhY2UxDzANBgNVBAsTBlNBUCBBRzEOMAwGA1UECxMFQmFzaXMxDDAK

BgNVBAMTA0JJTzCB7jCBpgYFKw4DAhswgZwCQQCSnauC/cAfQVrmOtWznQ9I+i

4twoPq8wCE0Fk5EAVjQnX2oMqBnyoi+ee/ZH2cLwyhp5mOOw70+exS7PHEWKiF

AhUAw9FSY1AsFV4U9fC9w+Bg5H4ISYcCQARcC+7q3UkM0TF0A5zRaq7viO3Wj2

MwYUNwFkc0hxzhloUQd21megZADoFiisdzkn/nF4eIxV9vq9XxcV63xTsDQwAC

QFher18UA8YkY4/zHe4mbupBXvDSucm2nbJuQ5PgDBvVaMmtpXIisyzuAFL+qC

zQ92mkNqUR9JLWpz09ghQdISCgADAJBgcqhkjOOAQDAzAAMC0CFA7qEluP/Kfi

+6HF/8I7j4NfF44xAhUAqkDgAeR3tzmNegKUTQ+JzeCXawE=

-----END CERTIFICATE REQUEST-----

End of the note.

Result

The CA will validate the information contained in the certificate request (according to its own policy) and return a response that contains the signed public-key certificate.