SAP Web Application Server 6.10+

After you have generated a key pair and certificate request, you must send the certificate request to a CA to be signed. The response from the CA is a signed public-key certificate for the server.

Prerequisites
The trust manager requires that the certificate request response adheres to the PKCS#7 certificate chain format. This means that the response contains both the requester's signed public-key certificate as well as the CA's root certificate. As an alternative, the CA may issue a stand-alone certificate in PEM format. Note the following:
PKCS#7 certificate chain format
In this case, the issuing CA provides the certificate request response in the necessary format.
For example, the SAP CA provides the response in this format, or you can request this format from your CA.

PEM format (Base64 encoded)
As an alternative, you may receive a certificate request response from your CA in PEM format, which contains only the signed public-key certificate. 
In this case, the CA's root certificate must also exist in the database. The trust manager then automatically modifies the certificate request response so that it exists in the necessary format before importing it into the server's PSE.

Procedure
For each certificate request that you generated:

  1. If you saved the contents of the request to a file, then make sure the contents have not been corrupted during download. For example, if you generate the certificate request on a UNIX system and save it to a Windows front end client, the line feeds and carriage returns may be replaced with special characters. 
    To check the contents, open the certificate request with a text editor and repair any corrupt line feeds or carriage returns. Because many editors use hidden characters for formatting, use a text editor that does not support formatting features, for example, Notepad.
    The example below shows a correct certificate request.

    -----BEGIN CERTIFICATE REQUEST-----
    MIIBkzCCAVICAQAwWjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE215U0FQLmNvbS
    BXb3JrcGxhY2UxDzANBgNVBAsTBlNBUCBBRzEOMAwGA1UECxMFQmFzaXMxDDAK
    BgNVBAMTA0JJTzCB7jCBpgYFKw4DAhswgZwCQQCSnauC/cAfQVrmOtWznQ9I+i
    4twoPq8wCE0Fk5EAVjQnX2oMqBnyoi+ee/ZH2cLwyhp5mOOw70+exS7PHEWKiF
    AhUAw9FSY1AsFV4U9fC9w+Bg5H4ISYcCQARcC+7q3UkM0TF0A5zRaq7viO3Wj2
    MwYUNwFkc0hxzhloUQd21megZADoFiisdzkn/nF4eIxV9vq9XxcV63xTsDQwAC
    QFher18UA8YkY4/zHe4mbupBXvDSucm2nbJuQ5PgDBvVaMmtpXIisyzuAFL+qC
    zQ92mkNqUR9JLWpz09ghQdISCgADAJBgcqhkjOOAQDAzAAMC0CFA7qEluP/Kfi
    +6HF/8I7j4NfF44xAhUAqkDgAeR3tzmNegKUTQ+JzeCXawE=
    -----END CERTIFICATE REQUEST-----

  2. Send the contents of the certificate request to the CA of your choice.
    The exact procedure to use depends on the CA that you use.
    Result
    The CA will validate the information contained in the certificate request (according to its own policy) and return a response that contains the signed public-key certificate.

SSL Certificates

Entrust SSL certificates inspire consumer trust by signifying a Web site's commitment to protecting the personal information of its visitors. By using SSL, companies help ease the security concerns of its customers, leading to a more engaging online experience. An SSL certificate is used to confirm that an SSL encryption algorithm is actively securing data being transmitted to a Web site. Digital certificates usually contain the SSL subscriber's information, the name of the certificate issuer, and the strength of the encryption in use. In addition to the "padlock" icon displayed in Web browsers and the https:// prefix, the SSL certificate is one more indicator customers look for as evidence that a Web site is serious about protecting their information.