Liquid UI - Documentation - 4.14 Generate key certificate and CyberSafe installation

4.14 Generate key certificate and CyberSafe installation


Creating certificates using OPENSSL:

You can generate certificate key pair using your own certificate authority. Make sure that it is acceptale by SAP Kernel. You need to generate P12 that can be used by Liquid UI Server.

If you are not using own certificate authority, follow below directions to generate a self signed certificate. Certificate can be generated with the online openssl.exe tool, using the following commands:

>>openssl dsaparam -noout -out luikey.pem -genkey 1024
>>openssl req -x509 -new -sha1 -days 7300 -key luikey.pem -out luicert.pem

You are about to be asked to enter information in the fields, that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN. If you enter '.', the field will be left blank. There are quite a few fields, you can leave some blank or place a default value.

  • Country Name (2 letter code) [AU]:US
  • State or Province Name (full name) [Some-State]:CA
  • Locality Name (eg, city) []:Foster City
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  • Liquid UI Organizational Unit Name (eg, section) []:LUX
  • Common Name (e.g. server FQDN or YOUR name)[]:
  • Email Address []:
  • Enter Export Password: Verifying - Enter Export Password:

>>openssl pkcs12 -export –inkey luikey.pem -in luicert.pem -out LuiKeyPair.p12

 

P12 Password Encryption

  1. Log into SAP with Liquid UI activated.
  2. In SAP GUI, specify below command in the command field, and press ‘Enter’.
    /wsmessage(encrypt("PLAINTEXTPASSWORD"),1)
  3. PLAINTEXTPASSWORD: specify the password that needs to be encrypted.
  4. After execution of the command, a message popup will appear with the encrypted password.
  5. Copy and paste the encrypted password in strustsso2 option in the sapproxy.ini file.

 

Cyber Safe Installation and Configuration

  • Cyber Safe Software needs to be installed on the Liquid UI Server Machine.
  • ktutil needs to be executed as per documentation from Cyber Safe to generate key tab file for the Liquid UI server principal name
  • You will be needed Domain Admin priviliges of your company to complete this task
  • Example: From the Windows command prompt (Administrative mode)
    >> ktutil -x sapdep/liquidui1.domainname.net@GUWW.NET

Can't find the answers you're looking for?