Hey out there! Our internal SSL certs expire every 2 years, so I recently had to go through the steps to quickly renew them in our web dispatcher(s).
I'd like to share that information here to serve as quick reference for others!
Our OS:
AIX 6.1
Our Web Disp Version:
| Web Administration Version 7.21.0, Thu Oct 03 14:45:51 CET 2013 | |
SAP Web Dispatcher Version 7.21.0, multithreaded, ASCII, 64 BIT |
| kernel information | |
| system name | WXX |
| kernel release | 721 |
| database library | |
| compiled on | AIX 1 6 00CFADC14C00 |
| compiled time | Oct 18 2014 21:47:28 |
| update level | 0 |
| patch number | 330 |
| source id | 0.330 |
Commands:
As WXXADM, in the $SECUDIR directory:
./sapgenpse gen_pse -p SAPSSLS.pse -onlyreq -r WXX.req
./sapgenpse gen_pse -p SAPSSLC.pse -onlyreq -r WXXsslc.req
This exports the request
FTP the files to your PC. Now goto CRL, sign new P7B for each(save the files as WXXcertnew2015.p7b and WXXsslc-certnew2015.p7b) . FTP back to to $SECUDIR
./sapgenpse import_own_cert -p SAPSSLS.pse -c WXXcertnew2015.p7b
./sapgenpse import_own_cert -p SAPSSLC.pse -c WXXsslc-certnew2015.p7b
This imports the signed certs
./sapgenpse seclogin -p SAPSSLS.pse -O wxxadm
./sapgenpse seclogin -p SAPSSLC.pse -O wxxadm
This generates new cred_v2 files for the user (if prompted for a PIN,enter it)
STOP and START the WEB DISPATHER
You must restart the web dispatcher before it’ll read the new certs
Now hit your back-end ECC/CRM/BW (whatever) system using the HTTPs port on your webdispatcher.
check cert to see if signed for another 2 years!
Hope that helps!
NICK