About this deal
The key has been generated. Here procedure differs from the Root CA, so I need to generate signing request: openssl req -key intermediateServersCA/interServers.key.pem -new -sha256 -out intermediateServersCA/interServers.csr.pem It’s worth mentioning that one of the import options allows exports from the keystore. This isn’t the best idea because the key should be protected in the keystore. That’s the reason why in many companies the certificates are delivered on a physical smart card, where it is not possible to extract the private keys. Ok, we also have the Sandbox Server CSR that needs to be signed by the Intermediate CA. This can now be done: openssl x509 -req -in intermediateServersCA/csr/sap_sandbox_csr.pem -days 365 -CA intermediateServersCA/interServers.cert.pem -CAkey intermediateServersCA/interServers.key.pem -CAcreateserial -out intermediateServersCA/csr/sap_sandbox.cert.pem Importing CSR to SAP PSE
In this window you can select the domain that will be validated, along with the method of validation. There are three methods currently supported: The Code Signing menu allows users to create and import certificates for signing. In addition, it provides an easy interface to sign executable files. 4.1 Generate Code Signing CertificateSignature by Root CA: openssl x509 -req -in intermediateServersCA/interServers.csr.pem -days 3650 -CA rootCA/ca.cert.pem -CAkey rootCA/ca.key.pem -CAcreateserial -out intermediateServersCA/interServers.cert.pem Signing SAP server certificate Selecting the Generate SSL Certificate menu item shows the Generate SSL certificate form, which can be used to perform this task. 2.2 Complete Certificate Request
Now I need to focus on the non-SAP part of the exercise. The CSR is already in place, so the CA needs to do the signing. But I don’t have a CA yet, so I need to build one.In case you encounter an error when importing private keys, please refer to the appendix for troubleshooting information. 9.4 Generate SSL Certificate Request Form When you are not logged in your SSL.com account in SSL Manager, the account menu only allows you to log in or exit the application. The command uses several files – user certificate CSR, CA certificate, CA key, and the small config file. As a result, it produces a signed certificate named testuser.crt.pem. Consider entering a clear and concise Action Name that best describes the function of the new action you are creating. When you try to execute this action you will have to select it from the actions list, by this name.