Creating a Key Pair and Public-Key Certificate and Signing It

Use

This section describes how to generate a new private key and certificate (referred to as a key pair) and then have the certificate signed by an external Certification Authority (CA).

Procedure

Step 1: Creating a New Key Storage View

This view is the location where you build and work with the certificates and private keys that you manage in Key Storage.

  1. Call the SAP NetWeaver Administrator.
  2. Choose the Configuration tab.
  3. Choose the Certificates and Keys link.
  4. Open the Key Storage tab.
  5. Choose Create View.
  6. Specify the keystore view properties:
    • Name (Mandatory) - for example, My_keystore_view.
    • Description (Optional) - for example, a tutorial keystore view.
    • PSE image (Optional).
  7. Finally, choose Create.

Step 2: Generating the New Key and Certificate

  1. Select the view - for example, My_keystore_view - from the Key Storage Views.
  2. In the View Entries tab, choose Create.
  3. Define the settings for the new entry.
    1. In the Entry Name field, specify the name of the newly generated keypair.
    2. From Algorithm, choose the RSA certificate algorithm.
    3. Leave the default certificate key length in Key Length.
    4. Specify a certificate validity period in the Valid From and Valid To fields.
  4. Choose Next.
  5. Specify the properties of the certificate:
    1. countryName - specify your country two-letter code. For example: US.
    2. commonName - specify a common name for the certificate. For example: my_cert.
  6. Choose Next.
  7. Do not change the settings here. Choose Next.
  8. Check your settings and choose Finish.

    You have successfully generated a new keypair entry in Key Storage. You can see the generated key and certificate in the Details of entry <name> view.

Step 3: If you want to sign the certificate with a CA, export the certificate to the file system as a certificate signing request (CSR).

  1. Choose the newly generated private key entry from the View Entries list.
  2. Choose the Generate CSR Request button.
  3. As a format, choose Base64 PKCS#10.
  4. Download and save your file.
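
Before sending the file to the CA, it is worth confirming that the downloaded Base64 PKCS#10 request carries the subject and RSA key size entered in Step 2. The following is an added example, not SAP code: `inspect_csr` reads the request using only the Python standard library, and `sample_csr` builds a constructed stand-in whose 2048-bit modulus and signature are placeholders (the key size is an assumed sample value, not the product default).

```python
import base64, re

OIDS = {b"\x55\x04\x06": "countryName", b"\x55\x04\x03": "commonName"}  # DER OID bytes

def tlv(buf, pos=0):
    """Read one DER element at pos: return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def kids(content):
    """Contents of each child element inside a constructed element."""
    out, pos = [], 0
    while pos < len(content):
        _, val, pos = tlv(content, pos)
        out.append(val)
    return out

def inspect_csr(pem):
    """Return (subject dict, RSA modulus size in bits) of a Base64 PKCS#10 file."""
    m = re.search(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)-----END", pem, re.S)
    if not m:
        raise ValueError("not a Base64 PKCS#10 request")
    info = kids(kids(tlv(base64.b64decode(m.group(1)))[1])[0])  # CertificationRequestInfo
    subject = {}
    for rdn in kids(info[1]):            # Name: SEQUENCE OF SET OF {OID, value}
        for atv in kids(rdn):
            oid, val = kids(atv)
            subject[OIDS.get(oid, oid.hex())] = val.decode("utf-8", "replace")
    bits = kids(info[2])[1]              # subjectPublicKey BIT STRING
    modulus = kids(tlv(bits[1:])[1])[0]  # skip unused-bits byte, open RSAPublicKey
    return subject, int.from_bytes(modulus, "big").bit_length()

def der(tag, *parts):  # encoder used only to build the constructed sample below
    body = b"".join(parts)
    nb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x80 | len(nb)]) + nb) + body

def sample_csr():
    """Constructed PKCS#10 skeleton: placeholder modulus and signature, not a real key."""
    name = der(0x30, *(der(0x31, der(0x30, der(0x06, o), der(0x0C, v))) for o, v in zip(OIDS, (b"US", b"my_cert"))))
    alg = lambda last: der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01" + last), der(0x05))
    key = der(0x30, der(0x02, b"\x00\x80" + bytes(255)), der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, alg(b"\x01"), der(0x03, b"\x00" + key))
    req = der(0x30, der(0x30, der(0x02, b"\x00"), name, spki, der(0xA0)), alg(b"\x0b"), der(0x03, bytes(257)))
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + base64.encodebytes(req).decode() + "-----END CERTIFICATE REQUEST-----\n"
```

To check a real export, pass the text of the downloaded file to `inspect_csr`. The function does not verify the request's signature.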

Step 4: Send the file to a CA for signing.

Step 5: Import the received certificate signing response to the same private key entry by choosing the Import CSR Response button.