Show TOC Start of Content Area

Procedure documentation Sending the Certificate Requests to a CA Locate the document in its SAP Library structure

Use

After you have generated a key pair and certificate request for each PSE, send the certificate requests to a CA to be signed. The response from the CA is a signed public-key certificate for the server when it is using the designated PSE.

Prerequisites

You can send the certificate requests to the CA of your choice, for example, the SAP CA. Note however, the corresponding certificate request response from the CA must be available in one of the following formats:

·        PKCS#7 certificate chain format

In this case, the issuing CA provides the certificate request response in the necessary format. For example, the SAP CA provides the response in this format, or you can request this format from your CA.

·        PEM format

In this case, the certificate request response from your CA contains only the signed public-key certificate. Therefore, you must also have access to the CA’s root certificate. If you are using the trust manager, then this root certificate must exist in the database. If you are using sapgenpse, then it must exist as a file in the file system.

Procedure

For each certificate request that you created, send the contents of the certificate request to your CA.

The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAP Trust Center Service at http://service.sap.com/tcs.

Note

To view the contents of the certificate, open the certificate request with a text editor. Because many editors use hidden characters for formatting, use a text editor that does not support formatting features, for example, Notepad. If carriage returns or line feeds have been corrupted, for example, during download, then correct these errors.

Example

The example below shows a correct certificate request.

-----BEGIN CERTIFICATE REQUEST-----
MIIBkzCCAVICAQAwWjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE215U0FQLmNvbS
BXb3JrcGxhY2UxDzANBgNVBAsTBlNBUCBBRzEOMAwGA1UECxMFQmFzaXMxDDAK
BgNVBAMTA0JJTzCB7jCBpgYFKw4DAhswgZwCQQCSnauC/cAfQVrmOtWznQ9I+i
4twoPq8wCE0Fk5EAVjQnX2oMqBnyoi+ee/ZH2cLwyhp5mOOw70+exS7PHEWKiF
AhUAw9FSY1AsFV4U9fC9w+Bg5H4ISYcCQARcC+7q3UkM0TF0A5zRaq7viO3Wj2
MwYUNwFkc0hxzhloUQd21megZADoFiisdzkn/nF4eIxV9vq9XxcV63xTsDQwAC
QFher18UA8YkY4/zHe4mbupBXvDSucm2nbJuQ5PgDBvVaMmtpXIisyzuAFL+qC
zQ92mkNqUR9JLWpz09ghQdISCgADAJBgcqhkjOOAQDAzAAMC0CFA7qEluP/Kfi
+6HF/8I7j4NfF44xAhUAqkDgAeR3tzmNegKUTQ+JzeCXawE=
-----END CERTIFICATE REQUEST-----

Result

The CA will validate the information contained in the certificate request (according to its own policy) and return a response that contains the signed public-key certificate.

 

 

End of Content Area