Pages

Wednesday, July 28, 2021

Create Self Signed Certificate for SAP System

Problem :

HTTPS Protocol need to be enable for non-production landscape, to avoid SSL certificate error on browser.

Solution:

We can create and apply self signed certificate for non-production SAP System. We will be using OPENSSL command line tool that has been used to generate Private key , CSRs , root certificate and self-signed certificate.

To download the OPEN SSL tool https://www.openssl.org/ 

1. Generate the key pair of rsa algorithm with key length 2048 .

    cmd > openssl genrsa -out key-pair.key 2048


2. Create certificate signing request and fill the required details like Country, State, Common Name.

    cmd >  openssl req -new -key key-pair.key -out certificate.csr




















3. Now create Root CA certificate for self-signed certificate

cmd > openssl req -x509 -new -nodes -key key-pair.key -sha256 -days 350 -out myCA.pem


4. Now create a self signed certificate 

cmd> openssl x509 -req -days 3650 -in certificate.csr -CA myCA.pem -CAkey key-pair.key -CAcreateserial -out server-cert.crt




5. Now converted the created certificate in PKCS12# format and provide your password.

cmd> openssl pkcs12 -export -out server-cert.pfx -inkey key-pair.key -in server-cert.crt



Now import server-cert.pfx into the system through STRUST (ABAP) or into Certificate and Key Storage (JAVA)

Also this server-cert.pfx can be converted into *.pse and it can also be imported directly  into system.


If you are still getting the certificate error after calling the URL on HTTPS



Then import Root certificate in Trusted root Certification Authority and PKCS12 certificate in Personal of Certification Manager.


Optional :

If required, we can extract the public key from the generated key-pair.key

cmd> openssl rsa -in key-pair.key -pubout -out key-pair-public.key




No comments:

Post a Comment