Start of Content Area

Procedure documentation Deploying the SAP Java Cryptographic Toolkit  Locate the document in its SAP Library structure

Use

Per default, the SAP J2EE Engine is delivered with an export version of the security toolkit that only contains functions for digital signatures, but does not contain the encryption functions necessary for using SSL. Therefore, before you can use SSL on the SAP J2EE Engine you must replace this default library with the complete version of the SAP Java Cryptographic Toolkit.

You can skip this procedure if you installed the SAP Java Cryptographic Toolkit during the J2EE Engine installation.

Caution

The distribution of the SAP Java Cryptographic Toolkit is subject to and controlled by German export regulations and is not available to all customers. In addition, the library may be subject to local regulations of your own country that may further restrict the import, use and (re-)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.

Prerequisites

·        You have obtained the SAP Java Cryptographic Toolkit package that corresponds to your SAP J2EE Engine release.

This package is available on the SAP Service Marketplace at service.sap.com/download under Download  ® SAP Cryptographic Software.

Note

The SAP Java Cryptographic Toolkit package contains the corresponding Software Delivery Archives (SDAs) for both J2SE 1.3.x and J2SE 1.4.x. The SDAs contain the file iaik_jce.jar, which replaces the export version of the toolkit iaik_jce_export.jar.

·        If you use J2SE 1.4 or higher, then you also have to install and use the unlimited strength jurisdiction policy files from your J2SE vendor to be able to use the strong cryptography functions used by the Secure Storage and SSL Provider services. (Per default, only limited policy files are delivered with the J2SE 1.4 packages.)

Caution

The use of these policy files can underlie import regulations. Make sure you are allowed to use these files before you download and install them.

Link to external website

The policy files you use need to be provided by the same vendor as your J2SE package.

The policy files to use with the Sun Java Development Kit are available from Sun Microsystems, Inc. at java.sun.com.

For other vendors, see their corresponding documentation.

·        The SAP J2EE Engine and the Software Deployment Manager (SDM) are running.

Procedure

...

       1.      Unpack the SAP Cryptographic Toolkit package into a local directory.

       2.      Using the SDM Remote GUI, connect to the SAP J2EE Engine and deploy the SAP Java Cryptographic Toolkit SDA that applies to your J2SE version (1.3.x or 1.4.x).

For more information about using the SDM see the Software Deployment Manager in the Development Manual.

Recommendation

You can now change the startup mode for the SSL Provider so that it automatically starts when the server is started. Use the Configuration Adapter in the Visual Administrator and set the startup mode to Always instead of Manual. For more information, see Changing the Startup Mode for the SSL Provider.

       3.      Restart the J2EE dispatcher and server. Also restart any tools such as the Visual Administrator or the Config Tool that are running.

Note

You can verify that the correct library has been loaded under Dispatcher  ® Libraries  ® core_lib in the Visual Administrator. The iaik_jce.jar should be included in the list of loaded jars and not iaik_jce_export.jar.

Result

The SAP Java Cryptographic Toolkit replaces the export version of the toolkit on the J2EE dispatcher and server.

You should periodically check for an updated version of this library on the SAP Service Marketplace, for example, when you install support packages.

 

 

End of Content Area