What to do if SSO Certificate Expires

You may come across such situation, that

Administrator receives a call telling that SSO from EP to SAP R/3 is not working.
1. Administrator looks at the error message
2. Finds that the error message is about SSO Certificate expiry.


Have to generate a new certificate and import in R/3 .


log in to Visual Administrator using administrator UId and Password.
Go to Keystore Administration. There you can find two entries
        1) SAPLogonTicketkeypair
        2) SAPLogonTicketkeypair-cert

It is advised you to take back up of both the entries.

Now we would need to create a new certificate.
Select SAPLogonTicketkey-pair and then click on Create.

Enter the following information.

Entry Name: SAPLogonTicketKeypair

Common Name: <sid>

Check Store Certificate Yes

Algorithm: DSA

Valid To: You set the expiry date

Once the certificate is created.
Click on Generate.

Download the verify.der file and copy on the Application Server.
Import the certificate using transaction STRUSTSSO2.
A new certificate is imported and expiry date is changed.
You are ready to use the Portal now.

No comments:

Post a Comment