SSL Certificates for J2EE Servers

We have a security requirement to make all our servers SSL/HTTPS compliant.  We have a J2EE Application Server.  To satisfy this requirement for this server, does anyone know if we need to install an SSL certificate?  We are  installing Certificates on our 2 other SAP boxes but have not request one for this J2EE server.
Please let us know if you have any insight.
Thanks!

Hi Shannon,
The below link helps configuring SSL for J2EE servers:
http://help.sap.com/saphelp_nw04/helpdata/en/db/1f1740198d8f5ce10000000a155106/frameset.htm
-> Configuring SSL on SAP J2EE
A key pair is required for the SAP J2EE to use SSL. This key pair can be created from the Visual admin. But to use this, the public key should be certified by "any Certifying authority(CA)". This CA can depend on your choice. In case you opt for SAP CA, follow the instructions on http://service.sap.com/tcs
Regards
Srikishan

Similar Messages

  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for versign secure site pro certificate
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;}
    SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
    Now my question is
    1. Is is possible to  remove above errors doing some ssl configuration on ACE?
    2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean

  • Using existing SSL Certificate for Web Dispatcher

    Hi,
    We've registered a SSL certificate with wildcard option via GlobalSign. The history of this process is as below:
    1. We created a Certificate Request with IIS and send it to GS (GlobalSign).
    2. They send us the certificate file Globalsign Primary Secure Server CA and Globalsign Server Sign CA files.
    3. Import all ceritifcates into IIS and then exported the certificate into a Cert.pfx file.
    4. By using this file, we are able to import the SSL certificate into J2EE WAS 640  of Portal system.
    5. Now we want to use same certificate to establish a web dispatcher installation as intermediate server for internet access.
    Web Dispatcher documentations says to create a pse and req file with sapgenpse program and then send it to CA (here globalsign) to get a certificate.
    But when we asked GS, they told us to use the certificate they send us before. They cannot create a certificate file for the ourput of web dispatcher. It will be billed us if we persist.
    So, we have to find a way to use the existing certificate to enable SSL of Web Dispatcher.
    Any idea?

    Hi Huseyin,
    I also have the same scenario. We also want to use the same certificate from verisign for our webdispatcher.
    Do you know how to do. Can you help me.
    Thanks and Regards,
    Sailesh K

  • How we can get SSL certificate for any site?

    i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

    Hi,
    Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
    Based on your description, I’m a little confused with your question. Did you mean that want to know why need
    SSL certificate for website?
    Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
    and your server.
    An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
    a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
    Managing Certificates
    SSL and Certificates
    Understanding Self-Issued
    Certificates in SBS 2003 & SBS 2008
    Installing a GoDaddy Standard
    SSL Certificate on SBS 2008
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • RV120W SSL Certificate for Client

    Hello,
    When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
    Firmware:
    1.0.2.6
    Help?

    Hello Sir, My name is Eric Moyers. I also responded to your other thread.
    I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
    Thanks
    Eric Moyers
    Cisco Network Support Engineer
    SBSC WIreless and Surveillance SME
    CCNA, CCNA-Wireless
    1-866-606-1866

  • Changing SSL certificate for ICM

    Hello,
    I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
    Is there any possibility to change working certificate? What should I do to make such change?

    > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
    > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
    OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
    > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
    > (for internet use the certificate in on the reverse proxy in the DMZ).
    Here I've got another problem.
    I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
    As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
    In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
    If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
    Many thanks for your help,
    regards,
    Konrad

  • SSL certificate for database

    Hi all,
    I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
    And also how to get SSL certificate for database form Godaddy?
    Any help would be great.
    Thanks
    Rajitha
    --------------------------------------------------------------------------------

    Pl refer to Oracle® Database Advanced Security Administrator's Guide
    10g Release 2 (10.2) from Oracle documentation.
    You will find useful information on that related to this.
    Dilipkumar Patel.

  • Installing an SSL certificate for a CSS 11503

    I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
    I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!

    Allen,
    The portion of the configuration guide related to SSL certificates and keys can be found here:
    http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
    To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
    ~Zach

  • Iplanet 6.0 creating a development SSL certificate for internal use

    With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
    Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

    With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
    Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

  • Renew SSL Certificate for for two Exchange 2010 Server and the new rules.

    I find DigitCert's website always helpful with cert questions.They've got a pretty helpful page here: https://www.digicert.com/internal-names.htmIt looks like they've got a tool for Exchange, but I've not used it myself, so can't say if it works or how well: https://www.digicert.com/internal-domain-name-tool.htmI bet Microsoft have something on their website too that helps with this sort of question.I'd say you register a completely new domain and use that for public facing and internal servers. Or you could just create a sub domain of an existing one, i.e. subdomain.mydomain.com and use that, i.e. public_exchange.subdomain.mydomain.com and internal_exchange.subdomain.mydomain.com.

    Hi there , 
    My exchange 2010 Server Certificate is about to expire and i am going to renew it but according to the new rules for SSL Certificate Issuing we can not include our Local Servers Names and Local FQDN such as myserver.contoso.local, my issue is that i have 2 exchange servers one is internet-facing Server (where the certificate is initiated and installed) and one is non-internet-facing Exchange server.
    if i am going to renew my certificate with public only name, I have to create a split Domain that reflects my external links to the internal Users, what shall i do for the non-internet-facing server? do i need to create another record in my split DNS Server and add it to my Certificate Request ? 
    This topic first appeared in the Spiceworks Community

  • Ssl certificates for a clustered environment

    Hi all,
    I have a rather large domain in one environment with one Admin Server and 6 Managed Servers.
    The Managed Servers are split on two physical machines with the first machine holding the Admin Server as well.
    Each pair of servers is joined in a cluster, so I have 3 clusters, each hosting one application.
    Now some of the communication needs to be done over ssl and I'm wondering about the configuration. First of all I should
    note that these certificates won't be seen by a client (browser), they will only be used for internal application communication.
    So, do I need one certificate for each managed server for his identity keystore? Or can I use the same certificate for all of them?
    They will all be accessible under the same url, under a couple of layers of routers. If I use the same certificate can I use the one on the
    router, which the clients see as well? Can I or Must I?

    You only need to tell nodemanager where to find its certs. If you've already chosen SSL for your nodemanager, then by default it uses the democerts that come with WL. But you really don't want to use those...
    So in your nodemanager properties, use something like:
    # SSL Configuration
    KeyStores=CustomIdentityAndJavaStandardTrust
    CustomIdentityAlias=your_cert_alias
    CustomIdentityKeyStoreFileName=full_path_to_your_identity_keystore_used_by_your_mgd_server
    CustomIdentityKeyStorePassPhrase=your_storepass
    CustomIdentityKeyStoreType=jks
    CustomIdentityPrivateKeyPassPhrase=your_keypass
    This tells your nodemanager to use the same identity as your managed servers. Since it's using java standard trust, it shares the same "cacerts" as the app server. In the console, your Machine -> Configuration -> Node Manager -> Type would be SSL.
    So that would be all that's required for the nodemanager.
    In your trust keystore, you can just add the signer / root ca cert for your certs, or you can add the individual server certs if you want to restrict the trust a little further. Normally identity certs expire more frequently than root certs, so I don't put identity certs into the trust store since it just means more maintenance when they expire.

  • How to Create SSL certificate for HTTPS Connection in SAP PI

    Hi,
              I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
              How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
             I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
             Please help me on this issue.
    Thanks,
    Siva

    Hi,
    Check if it helps:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
    But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
    Regards,
    Caio Cagnani

  • Is there a way to change the CSR for install SSL Certificate for CCMADMIN

    HI there,
    Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
    For that, I have exported a csr to buy a ssl certificate from verisign.
    The problem is the csr includes fqdn an not just the servername
    But the users just have to type in the servername to reach the server.
    Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
    thanks
    Marco

    Hi
    You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
    Command Syntax
    set web-security orgunit orgname locality state country alternate-host-name
    Parameters
    • orgunit represents the organizational unit.
    • orgname represents the organizational name.
    • locality represents the organization location.
    • state represents the organization state.
    • country represents the organization country.
    • alternate-host-name (optional) specifies an alternate name for the host when you generate a
    web-server (Tomcat) certificate.
    Note When you set an alternate-host-name parameter with the set web-security command,
    self-signed certificates for tomcat will contain the Subject Alternate Name extension with
    the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
    contain Subject Alternate Name Extension with the alternate host name included in the CSR.
    Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
    Regards
    Aaron
    Please rate helpful posts...

  • How can i refresh an SSL certificate for a specific page?

    i am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. the ETJ page requires an SSL certificate. when i initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. i got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that i didn't have the certificate i needed. for some reason NKO isn't recognizing the certificate i got so i need to clear that certificate and get a new one that hopefully the server will recognize. how can i do this?

    You can try to remove that certificate here:
    Edit > Preferences > Advanced > Encryption: Certificates > View Certificates

  • How Do You Generate a 2048bit CSR for a Third Party SSL Certificate for LMS 4.0.1?

    Our site requires Third Party SSL certificates to be installed on our servers.  We have an agreement with inCommon. I have to supply a CSR in order to obtain the SSL certificate.
    My installation is on a Windows 2008 server and I had the self-signed CSR already but it is only 1024 bits.  Is there someplace in the GUI or OS where I can change the encryption?

    This is a shot in the dark, but since CiscoWorks is using (I believe) Tomcat as the web server, could you run keytool to generate the CSR?
    http://help.godaddy.com/article/5276
    You could also use an online CSR gererator such as:
    http://www.gogetssl.com/eng/support/online_csr_generator/
    The key (pun intended) is having the private key on your server so that when you get the signed certificate and install it (using sslutil) it will be usable.
    Hope this helps.

Maybe you are looking for