SAP Web Application – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system.

To install your SSL certificate on SAP Web Application Server perform the following.

Step 1: Downloading your SSL Certificate & its Intermediate/Root CA Certificates:

1. If you had the option of server type during enrollment and selected Other not IIS or PKCS#7  you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate. Alternateivly you can Also pick up
2. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt
4. If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a .txt extension also.
   Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .txt files and installed one at a time in a repeated process for intermediate installation.
5. Getting your Root CA will vary and you may have to consult your CA in order to get this. It must be in its own Notepad file and saved with a .txt extension. Click here to see a list of intermediates and roots the SSL Support Desk has on file.

Step 2: Installing your SSL certificate:

Note: For a PSE that is used by multiple application servers, you only have to import the response into one of the PSEs. The PSE is then redistributed to all of the application servers.

For example, for those application servers that use a system-wide SSL server PSE, you only need to import the certificate request response into the SSL server PSE on one of the servers.

1. From Trust Manager expand the SSL server PSE node.
2. Double click to select the appropriate application server. The application server’s SSL server PSE is displayed in the PSE maintenance section.
3. In the PSE maintenance section, choose Import Cert. Response.
4. Paste the contents of your SSL Certificate .txt  into the dialog’s text box or click Load local file to specify the location and path of your saved SSL Certificate .crt.
5. Your SSL Certificate  is imported into the server’s SSL server PSE, displayed in the PSE maintenance section.
6. You can view the certificate by selecting it with a double click. The certificate information is then shown in the certificate maintenance section.
7. Save the data.

Note: Depending on where how you set up your system you will import your Intermediate CA and Root Certificate in one of these location steps. 

Step 2a. Importing the CA’s Root Certificate if it is Located in the Certificate Database

1. In the certificate section, choose  Import certificate.
2. The Import Certificate dialog appears.
3. Select the Database tabstrip.
4. Select the certificate from the certificate database and choose Enter. The certificate appears in the certificate section.
5. Choose  Add to Certificate List.
6. The certificate is added to the certificate list for the PSE displayed in the PSE maintenance section.
7. Save the data.

Step 2b. Importing the CA’s Root Certificate if it is Located in the File System

1. In the certificate section, choose  Import certificate.
2. The Import Certificate dialog appears.
3. Enter the corresponding file name from the file system.
4. Select the certificate’s file format: Base 64.
5. Choose Enter. The certificate appears in the certificate maintenance section.
6. Choose  Add to Certificate List. The certificate is added to the certificate list for the PSE displayed in the PSE maintenance section.
7. Save the data.

Step 2c. Importing the CA’s Root Certificate if it is Located in a Different PSE

1. Expand the node for the PSE that contains the certificate and select one of the application servers with a double-click.
2. The PSE and its certificate list appear in the PSE maintenance section.
3. Select the certificate with a double-click. The certificate appears in the certificate maintenance section.
4. Select one of the application servers under the SSL server PSE node with a double-click.
5. Choose  Add to Certificate List. The certificate is added to the certificate list for the PSE displayed in the PSE maintenance section.
6. Save the data.

Your SSL certificate is now installed.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.

SAP Support:

For support refer to SAP