Use
Initially, you may want to use the self-signed certificate and change to a certificate signed by the SAP CA at a later date.
User authentication using logon tickets will not be available to accepting systems while you are switching from a self-signed certificate to a certificate signed by the SAP CA.
The time frame where SSO is not available starts when you save the new certificate on the issuing server and lasts until you have activated the server on all accepting systems.
Procedure
On the Issuing Server
On Accepting Systems
The SSO administration report displays the current SSO status.
The SSO administration report displays the status for the new SSO environment.
See also
Configuring the System for Accepting Logon Tickets.Result
The system now uses the key pair and public-key certificate signed by the SAP CA for digitally signing logon tickets. The accepting systems can also accept the logon tickets and verify the new digital signature.