Each of the following methods follows to create a CSR on SAP WEB Dispather:
Method 1. Develop CSR with the Trust Manager
Step 1. Generate a Key Pair:
- Start the Confidence Manager (STRUST transaction)
- Choose Build RSA via the context menu for the FIle node
- NOTE: You must build a PSE for SSL which contains the key pair for the RSA. If only Create is chosen then a main pair of DSA will be created that can not be used for SSL.
- Join sections of the Esteemed Name in the respective fields. The Common Name for the SSL Server PSE must react to the FQDN used to access the Web Dispatcher.
- Transfer the PSE to the local file (e.g., Protected ID directory for the Site Dispatcher). Use the file name you defined for the SSL server PSE and SSL client PSE in the profile parameters ssl / server pse and wdisp / ssl cred, respectively.
Step 2. Creating the Certificate Signing Request
- You must then generate the corresponding certificate request once you have created the PSE.
- Pick the Double-click File tab. The Open dialogue shows up
- In the previous process pick the PSE that you saved. The corresponding certificate will appear in the Owner area of the PSE maintenance section.
- Fill out the infromation needed by:
- Country Name (C): Use the nation-free two-letter code, e.g.: US or CA.
- State or province (S): totally spell out the territory; do not abbreviate the name of the state or province, for example: California.
- Locality or City (L): The position field is the name of the city or area, such as: Berkeley.
- Organization (O): Whether your organisation or agency has a &, @ or some other symbol that uses the shift key in its name , for example: XY & Z Corporation will be XYZ
- Corporation or XY and Z Corporation, you must spell out the symbol or omit it to enrol.
- Organizational Unit (OU): This field is the name of the unit or department making the request.
- Common Name (CN): Host + Domain Name is common name. It resembles “www.company.com” or “company.com.”
NOTE: Symantec certificates can only be used with the Common Name specified during registration on Web servers. For example, a domain “domain.com” certificate would receive an alert if you visit a site called “www.domain.com” or “secure.domain.com,” because “www.domain.com” and “secure.domain.com” vary from “domain.com.”
- Select Build Certificate Request in the section Maintenance of PSE. A dialogue will appear that displays the request for a certificate.
- Pick the content of the request and copy it to your clipboard (Archive) or save the request for a certificate to the file using Save as a local file (filename.p10).
- Check Your CSR
Method 2. Generate CSR using SAPGENPSE
- Use the sapgenpse setup tool to build PSEs from the SAP Web Dispatcher.
NOTE: The environment variable SECUDIR must be set to sapgenpse before you can create the SSL server PSE. The directory where you will find the licence ticket. If the environment variable isn’t set yet, set it with the
Command line as shown underneath.
set SECUDIR=<SECUDIR directory >
- Use the get pse command for the tool as shown below to build the PSE for the SAP Web Dispatcher.
sapgenpse get pse < additional options > -p < PSE Name > -r < cert req file name > -x < PIN > < Distinguished Name >
- The following command line creates the SSL server PSE and certificate request from the SAP Web Dispatcher, using the following information:
- SECUDIR is set to the environment variable C:\Program Files\SAP\SAPWebDisp\sec.
- The PSE is to be located at C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLS.pse.
- The PIN used to guard PSE is abcpin.
- The name of the request file for a certificate is abc.req.
- The SAP Web Dispatcher is accessed using the hostname host123.mydomain.com which is fully qualified.
- The CA which is used is the SAP.CA.
Example: sapgenpse get pse -p SAPSSLS.pse -x abcpin -r abc.req “CN = host123.mydomain.com, OU = dept. name, O = Organizational Name, SP = State and Province value, L = Locality value, C = ISO country code value”.
The application file (abc.req) was created.