Hi there
We are very close to moving to production our Secure Login server which will allow us to single sign on to all the SAP systems that we need to logon to. Initially we created a separate PKI using the Secure Login application in order to test the functionality between the Secure Login client, the server and the various systems that we needed to connect to using SNC. We now have almost everything working, but before distributing the Root CA certificate to alle the Windows clients that will need this certificate using group policies, we have been experimenting a bit with setting up the SAP PKI as a subordinate CA to our existing Microsoft PKI. That does not seem to work, but then again, I might be doing something wrong...?
I attempted to create a certificate request for the Root CA on the SAP side using the openssl implementation in Cygwin. We did get the certificate request signed as a p7b certificate. I then attempted to convert the p7b to af pfx file which would allow me to import it in the SAP PKI. The SAP PKI however, did not allow me to import the certificate as a Root CA. It only allowed me to import it as a SAP server CA. Am I doing something wrong? Shouldn't it be possible for the Microsoft PKI and the SAP PKI to coexist without distributing to seperate Root CA's with group policies.
Best regards,
Anders