SSL certificates not visible while RFC destination creation
Hi all,
I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
So i have imported the Client certificates into STRUST.
While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
Kindly help me out.
Cheers,
Siva Maranani.
Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
- SSL Server
- SSL Client (anonymous)
- SSL Client (Default)
Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
Please notice:
SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
Kind regards, Wolfgang
PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>).
Similar Messages
-
Support for Global SSL certificates - not
Hello,
Just found out the hard way that 10g does not support Verisign Global Certificates (Secure Site Pro).
BEA, IBM, and MICROSOFT support global certificates.
Oracle is the only one that does not!
If customer requirements dictate global certificates Oracle AS is not the product to use.
HernandoSee my reply in the other thread:
Re: SSL certificates not visible while RFC destination creation
Cheers, Wolfgang -
How do I validate a certificate (not visible) at the document level?
I am using Acrobat XI Pro running in Windows 8.
I created a PDF document with form fields (type: button) and JavaScript codes (field-level and document-level). Before I certify (not visible) and save the document, I want to add a document-level script that checks if the certificate is valid. If the certificate is valid, I would like to schedule an interval object to update some of the icons in the fields. Is this possible? If so, how do I get the “certificate (not visible) field” and check that it is valid
Thanks. - johnI am using Acrobat XI Pro running in Windows 8.
I created a PDF document with form fields (type: button) and JavaScript codes (field-level and document-level). Before I certify (not visible) and save the document, I want to add a document-level script that checks if the certificate is valid. If the certificate is valid, I would like to schedule an interval object to update some of the icons in the fields. Is this possible? If so, how do I get the “certificate (not visible) field” and check that it is valid
Thanks. - john -
i have iphone 4 and it connect to some wireless networks and some others are not visible while other lphones can find these networks and i tried to restart the phone many times and there is no result, kindly advice
Some updates and clarifications:
1. I already have my 2.4 channel fixed.
2. Wireless network name is 8 alphanumeric characters; no spaces
3. Already using WPA2 security with a 10 alphanumeric key (again, no spaces)
4. I am running Airport Utility 6.0, Mac OS version 10.7.4
I should also say that these problems started happening less than a month ago...prior to that all devices where working normally.
An added update: My two e-readers (nook ST and Kindle 3) are also refusing to connect...perhaps confirming that I have 2.4 GHz issues? -
ISE: Guest SSL Certificate Not Trusted Error
Team,
We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
Please advice
Thanks in advanceThe only solution that can competely resolve your issue is to get a certificate from any trusted CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may appear sometimes.
-
Hello, I just copied and pasted a config on to an 887 router.
The original config had the router's certificate visible as per normal i.e. line after line of incomprehensible code near the start of the config, like you always expect to see.
I did not want that cert, so I omitted that from the config I pasted in to the 887. Then to create a new certificate I ran the command 'crypto key generate rsa general-keys modulus 2048'. This obviously created a new certificate as I can SSH into the router without problem.
The thing that is puzzling me is how come I cannot see the certificate in the new config i.e the many lines of certificate code that you would normally see.
Why are all these lines of certificate code not visible now ?
Thanks for any help.They are no longer visible but you can show them up:
show crypto key mypubkey rsa
sh crypto key pubkey-chain rsa -
Profit centre field not visible while using Posting Key 15
Hi,
While using Tcode F-28 and Posting Key 15 profit cente field is not visible. I have checked following configuration. In OBC4 for Reconciliation account - additional account assignment - here the profit centre field is optional. Likewise I have checked OB41 for Posting key 15 - Profit centre field is optional.
Is there any other configuration to be done inorder to make the profit centre field visible.
Many thanks in advance
Regards
NarayananDear,
SAP Standard System cannot provide PRCTR field for the screen for customer/vendor line
item although it is available if the line item is a G/L account. As a
general rule, the system assumes PRCTR to be filled by document split or
by running SAPF180 and AR/AP transfer depending on NewGL PCA or
classic PCA usage.
It was and still is not possible to enter PRCTR on vendor/
customer items.
One of the workarounds using the standard tools is to use field-to-
field substitution. You can enter the profit center in dummy field,
for example XREF1, and substitute the value entered in XREF1 into
PRCTR field.
I hope this can help You.
Mauri -
Why is outbox not visible WHILE a mail is being sent?
When I am sending mail, the outbox is not visible.
The only time it appears is when there is a problem with the outgoing email and it gets 'stuck' - THEN I have an outbox.
Is there any way I can make the outbox remain visible, in case I have made a mistake, and wish to stop a mail from being sent after I have (accidentally or otherwise) clicked on 'send'?
I have a feeling that when I was running Tiger, the outbox was always visible.
I cannot remember what happened on Leopard. I am now on Snow Leopard.
thanksClick on Window in the menubar while in Mail, and choose Activity. This will bring up a monitor with a Stop button. Several seconds is not long sometimes. Watch the monitor while trying to send -- take note of the time spent connecting to the server versus the time spent transmitting.
Ernie -
Can't access Exchange ActiveSync server - SSL certificates not being used
When I try to set up my email via Exchange ActiveSync to a corporate server, I am unable to connect. I am using the same exact settings as on an iPhone, where I am able to successfully connect.
Reading the console log in the iPhone configuration utility, the problem appears to be that the iPad is not using the corporate certificates I have installed to enable SSL access to the Exchange server. These certificates are installed in the exact same way they are on my iPhone, where they work correctly.
Has anyone else had a similar problem accessing Exchange mail using SSL certificates? Any ideas on how to fix this? Or is this a bug in the iPad software?IM having the same problem. iPhone works fine on exchange atvwork but iPad with same settings says cannot connect to exchange server. Have you figured anything out yet?
Tom -
Content not visible while using DVBClassLoader
Hi, we have a problem with DVBClassLoader. We need to download several *.class files from WWW server in our application. The file is downloaded, but the problem is that the content is not visible for main Xlet class. Can someone help us please???
try {
classPath[0] = new java.net.URL("file:" + sBuffer.toString());
System.out.println("URL is " + classPath[0]);
classPath[1] = new java.net.URL("http://XXX.YYY.146.233/");
} catch (MalformedURLException e) {
cl = DVBClassLoader.newInstance(classPath);
try {
cl.findClass("SecondClass");
System.out.println("SecondClass read");
} catch (ClassNotFoundException e) {
secondClass = new SecondClass(context, scene, mainContainer, telo);
secondClass.display(path1);I haven't tried it, but it looks to me like you need to provide the parent ClassLoader in order to handle delegation to the DVBClassLoader.
intstead of this: DVBClassLoader.newInstance(classPath);
use: DVBClassLoader.newInstance(classPath, getClass().getClassLoader()); -
Just started receiving 'server's security certificate not valid for palm.imap.mail.yahoo.com' error early this morning. I have a (Sprint) Palm Pre (P100EWW) on version 1.4.1.1. How do I correct?
I have tried removing palm and still cannot get it to work! any other ideas? I did notice it changed the port to 995 when I first was entering my email info. It used to be set to 993?
Also, what do you put in the username.... is that the beginning part of the yahoo id prior to @yahoo.com? -
FTP Delivery Destination Not visible while scheduling a report.
Hi All,
We are implementing BI Publisher 11g (As part of OBIEE 11g).
In BI Pub administration we have defined FTP and Email Delivery Destinations.
But while Scheduling a report, under Destinations we see only Email option, we are not seeing FTP option.
Is this happening due to any of the missing configuration or any privileges are missing?, please clarify.
Thanks,
AdityaDo you have "Use Secure FTP" checked?
I tried adding a source with that checked and the FTP option didn't show up either, but when I unchecked that box I was able to see the FTP option. -
After reinstall, SSL certificates not accepted.
Hello there!
I've reinstalled my Macbook Air (Mid 2012, OS X Mountain Lion 10.8.2) due to a problem when I lost my password.
When I launched an app like Safari, Mail or Chrome, I've experienced the same problem. Pages using the SSL encryption were unsupported, not working. It shows the problem with the certificate which is not acceptible, old.
Please, help me out there.
In the meantime, I will be using Firefox, which works just fine (strange!).
Thank you all very much!
A.This is looking like its headed for a common problem people have been having with the GoDaddy certs - mind shooting me a PM with the url that you're using to sync with? Got a bad feeling the cert compatibility problems are real - especially if Win Mobile devices are unaffected.
Here's a similar problem: http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=2600
And another with some explanation: http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=4693&view=by_date_ascending&...
Message Edited by Imaginos on 02-13-2009 05:11 PM -
SSl certificate not available in the protocols properties
Hello,
I try to use SSL encryption on SQL 2008R2. I've bought a SSL 123 certificate from Thawte. I've installed this certificate in the MMC certificate snapin (personal folder). I've also imported the primary and secondary certificates of Thawte.
The certificate has been requested and installed under admin credentials. The SQL Server runs under the same credentials.
The serveur runs as a stand-alone server (no domain). The full name of the serveur is the same as the name mentioned in the certificate (myserver.mydomain.com) (mydomain.com has been added as DNS suffix in the advanced name properties)
select @@servername returns myserver.mydomain.com
The certificate appears correctly in IIS.
I've read many topics about this subject but I did not found any solution.
Thanks in advance for help,
Best regafds,
GuyHello,
The certificate used by SQL Server to encrypt connections is specified in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate
This key contains a property of the certificate known as thumbprint that identifies each certificate in the server. If this is null that means Certificate is not imported properly or having some issues.
You can refer to the Troubleshooting section in the
KB article to determine whether the certificate that you installed is valid.
Regards,
Fanny Liu
If you have any feedback on our support, please click here.
Fanny Liu
TechNet Community Support -
Sefl-signed ssl certificate not possible?
Hello everyone,
could it be that oit is not even possible to let flex'
webservice or httpservice connect to a
https webservice that is secured by a self-signed
certificate? There is absolutely no reason
for me to buy a "real" certificate just for encryption
purposes.
I installed crossdomain.xml on the target server, the
webservice is running fine when pasting
the urls into the browser and I installed the certificate
into IE (which I have to use here), so
is gives no error and shows the nifty little lock in the
address bar. But Flex refuses to work,
except for running the app locally (means by clicking "run"
in flex builder).
I'm using Flex 2.01 if important.
So, could anyone help me? Or is Flex just so ignorant to
self-signed webservices?
bye
sysforHi sysfor,
I am using the proper SSL certs in production and self-signed
in development & testing, no problems so far.
Flex/Flash does not deal with SSL certs authentications -
this task is delegated to browser.
So I presume that you are facing a different kind of a
problem - your crossdomain.xml is not setup properly.
Have you checked the policyfiles.txt log?
Another point, you are probably doing the calls on direct
URLS (https://myhost/path). Instead you should use a relative path.
I.e. if your swf was downloaded from server myhost, then it should
simply do the calls to ./path.
Cheers,
Dmitri.
Maybe you are looking for
-
Apple Mini-DVI to Video Adapter for eMac ?
Hi, I use an Apple Mini DVI to VGA on my eMac to expand my monitor space, connect to an old Pinceton 15" lcd, both are on 1024 x 768 res in millions colors, and work fine. My question is I have plan to buy an Apple Mini-DVI to Video Adapter since som
-
Faces icon not showing in bottom corner of Facebook broadcast.
I am using iPhoto version 8.0.3. I have never noticed this until tonight but when I upload photos to facebook and click on the album in the facebook source list in iPhoto, there is no "name" option available in the bottom left corner. When my friends
-
i have HP Pavillion dv6-6c65sx win 7 home premium ( recovery ) i bought my laptop a few months ago it had a problem i took it to the technical support they have changed the motherboard the problem was solved byt anothe proplem appeared my laptop alwa
-
Can anybody give me the solutions for these
In the definition of Item Catogory vov7, thers is a field " Relevent for Delivery", The same field is there in the definition of Scheduleline catagory vov6. 1. Y the same field is there in both definitions? 2. If I didnt check the field in item catag
-
iphone wont recognize in itunes. it's got the latest software update and the latest version of itunes on the computer. the phone works as normal but i want to restore it but can't because i can only get the the recovery mode stage and then it needs i