You can use one of the following methods to generate a CSR using the SAP WEB Dispatcher:
Method 1: Generate a CSR with the Trust Manager application.

In the first step, you must generate a key pair.

Start the trust manager by pressing F5 (transaction TRUST)

Using the Create RSA option from the context menu for the FIle node.

Please keep in mind that you must generate a PSE that contains the RSA key pair to use SSL. If just the Create option is selected, a DSA key pair is generated that cannot be used for SSL encryption.

Fill in the blanks with the Distinguished Name parts that relate to your organization. The Common Name for the SSL Server PSE must be the same as the FQDN used to access the Web Dispatcher for the PSE to function properly.

Save the PSE to a local file (for example, the Secure ID directory in the Web Dispatcher’s Secure ID directory). To use the SSL server PSE and the SSL client PSE, you must use the file name that you specified in the profile parameters SSL/server use and wasp/SSL cred for the corresponding PSEs.


Second, create the Certificate Signing Request (CSR) document.

Once the PSE has been generated, you must follow up by creating the accompanying certificate request.

Double-click on the File node to make it active. The dialogue box labeled “Open” appears.

Choose the PSE file that you already saved during the previous phase. The relevant certificate appears in the PSE maintenance section in the Owner field, which corresponds to the certificate number.

Fill in the blanks with the necessary information:

In the Country Name (C) field, provide the country’s two-letter code without any punctuation, for example, US or CA.

State or Province (S): Spell out the state or province name completely; do not abbreviate the name of the state or province, for example, California.

Locality or City (L): The name of the city or town is entered in the Locality field, for example, Berkeley.

To enroll, you must spell out or omit any symbols that are created by using the shift key in the name of your company or department. For example, XY & Z Corporation would be XYZ Corporation or XY and Z Corporation, whereas XY & Z Corporation would be XYZ Corporation or XYZ Corporation.

Organizational Unit (OU): The name of the department or organization unit that is submitting the request is entered in this area.

CN stands for Common Name. The Host + Domain Name combination is referred to as the Common Name. It has the appearance of “www.company.com” or “company.com.”

Please keep in mind that Symantec certificates can only be used on Web servers that are identified by the Common Name that was chosen during enrolment. For example, if a certificate for the domain “domain.com” is used to access a site with the names “www.domain.com” or “secure.domain.com,” the certificate will receive a warning since the names “www.domain.com” and “secure.domain.com” are distinct from the domain “domain.com.”

Create a certificate request from the PSE maintenance section by selecting Create Certificate Request. There is a pop-up window that displays the certificate request.

Select the content of the certificate request and copy it to your clipboard (Copy), or save the certificate request to a file using (filename.p10) and Save it as a local file (Save as a local file) to store it on your computer.

Check your Customer Service Representative (CSR)

Method 2: Create a CSR using the SAPGENPSE program.


To construct the PSEs for the SAP Web Dispatcher, use the setup tool sapgenpse (see Resources).

NOTE: Before you may use sapgenpse to produce the SSL server PSE, you must first set the environment variable SECUDIR to the location where the PSE will be stored.

this is the directory in which the licensed ticket is stored If the environment variable has not been set yet, use the following command to do so:

as seen in the following command line

SECUDIR=SECUDIR directory> should be set.

Make use of the tool’s get pse command, as demonstrated below, to construct the PSE for the SAP Web Dispatcher.

SAPGENPSE get PSE additional options> SAPGENPSE to get PSE —parameters —parameters —parameters —parameters —parameters —parameters —parameters —parameters —parameters —parameters —parameters

Following is a command line that generates the SAP Web Dispatcher’s SSL server PSE and certificate request based on the information provided below:

The environment variable SECUDIR is set to C: Program FilesSAPSAPWebDispsec in the SAPWebDisp configuration.

  • The PSE should be stored in the following location: C: Program FilesSAPSAPWebDispsecSAPSSLS.pse.
  • ABCP is the PIN that is used to safeguard the PSE.
  • The ABC.req file is the name of the certificate request file.
  • The SAP Web Dispatcher can be reached using the fully-qualified hostname host123.mydomain.com, which stands for host123 on mydomain.com.
  • The CA that was utilized was the SAP.CA.
  • As an illustration, sapgenpse get pse -p SAPSSLS.pse -x abcpin -r abc.req “CN=host123.mydomain.com, OU=dept. name, O=Organizational Name, SP=State and Province value, L=Locality value, C=ISO country code value” SAPSSLS.pse -x abcpin -r abc.req “CN=host123.mydomain.com, OU=dept. name, O=

Abc. req is the name of the requested file that has been created.