Hello Everyone,
In this blog post, I would like to explain how we can use the Replacement Wizard in the STRUST t-code for an SAP NW ABAP environment. The BASIS team often has to renew the SSL certificates held in the SSL SERVER STANDARD PSE. If, during a renewal, you receive a request to change the value of OU, SP or C, the Create Certificate Request option won't help. In that case we need to generate a new CSR using the Replacement Wizard option. Follow these simple steps and your certificate will be updated with the new OU, SP or C name and a new validity.
Steps to Follow:
(1) Go to the STRUST t-code and click on the Change button. Take a backup of the SSL SERVER STANDARD PSE to your local machine so that it can be restored in case of any issue.
(2) Right-click on SSL SERVER STANDARD PSE and select the Replacement Wizard option.
(3) It will start the milestone.
(4) In the Choose Distinguished Name step, we can change the OU, SP or C name as per the new requirement. We received a request from the CA team to change the OU name as per the new organization policy.
(5) Select Algorithm from the available options.
(6) Click on Create Key Pair.
(7) We can save the generated CSR to a local .txt file and send it to the CA team for signing.
There is no need to stay on the same screen until the CSR has been signed, as signing by the CA team can sometimes take a couple of days. We can simply come back once we receive the signed certificate, and the Replacement Wizard will resume from this step.
The following step is very important. If it is not followed properly, you may be unable to import the response and the certificate cannot be renewed.
(8) Once the signed certificate has been received, we need to combine the main, intermediate and root certificates into one common .txt file, as below:
-----BEGIN CERTIFICATE-----
<Base64-coded content of the newly issued certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Base64-coded content of the intermediate CA's certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Base64-coded content of the root CA's certificate>
-----END CERTIFICATE-----
Copy the content of the certificate and paste it into another Notepad file.
Do the same for the intermediate and root certificates.
If the root certificate was not sent directly by the CA team, first save it in .cer or .crt format using the method below.
Open either the main or the intermediate certificate and go to Certification Path. Select the root certificate and double-click it.
Now go to Details -> Copy to File.
Click on the Next button.
Select the option Base-64 encoded X.509 (.CER) and click on the Next button.
Click on the Finish button. It will export the certificate to the local machine in .cer format. Open it in Notepad and add its content to the Notepad file that already holds the main and intermediate certificates. After that, save the file in .txt format.
(9) Now go to the STRUST t-code and click on the Change button. Right-click on SSL SERVER STANDARD PSE and select the Replacement Wizard option. It will resume the milestone from the same step.
(10) Click on the Next button and import the .txt file which has all three certificates combined (main, intermediate and root).
Click on the Load Local File button.
(11) Click on the Import Certificate Response button.
(12) We can see that the new certificate response has been imported. To activate it, click on Activate new Key Pair and Certificate.
(13) Click on the back button and we can see that the certificate has been updated with the new OU name and new validity. The other certificates in the certificate list are not affected by this.
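The ordering required in step (8) can be checked on the combined .txt file before it is loaded in step (10). The Python script below is an added example, not part of the original post or of any SAP tool; it assumes the file holds exactly three certificates, compares issuer and subject names byte for byte, and does not verify signatures.

```python
import base64, re, sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# En/em dashes that editors and web pages substitute for the five hyphens.
BAD_DASH_RE = re.compile(r"[\u2012-\u2015]+\s*(?:BEGIN|END) CERTIFICATE")

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)           # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    fields = []
    for _field in range(5):  # serial, sigAlg, issuer, validity, subject
        _, _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(text):
    """Return a list of problems; an empty list means the order is consistent."""
    problems = []
    if BAD_DASH_RE.search(text):
        problems.append("typographic dashes in a BEGIN/END line")
    ders = [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]
    if len(ders) != 3:
        return problems + [f"expected 3 certificates, found {len(ders)}"]
    names = [issuer_subject(d) for d in ders]
    for i, label in ((0, "newly issued"), (1, "intermediate")):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"issuer of {label} certificate is not the next subject")
    if names[2][0] != names[2][1]:
        problems.append("last certificate is not self-issued, so not a root")
    return problems

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        for line in check_bundle(fh.read()) or ["bundle order looks consistent"]:
            print(line)
```

Run it with the path of the combined file as the only argument; any line it prints other than the final success message points at a block to fix before importing.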
I hope this helps BASIS team members to use the Replacement Wizard tool in the STRUST t-code efficiently. For more information, refer to SAP note 3431066 – How to sign a certificate using the Replacement Wizard tool.
Regards,
Harshil Shah