Show TOC

Exporting and Importing Portal CertificatesLocate this document in the navigation structure

Use

The portal certificate is required in order to display content from the BW system in the portal and must be imported being exported from the BW system.

Procedure

Exporting the Portal Certificate from the Portal

  1. Start SAP NetWeaver Administrator at http://<host>:<httpport>/nwa.

  2. Choose Start of the navigation path Konfiguration Next navigation step Security Next navigation step Certificates and Keys End of the navigation path.

  3. Under Keystore Views, select the TicketKeystoreview.

  4. If you cannot find the SAPLogonTicketKeypair-certunder Display Entries, generate a portal certificate as follows: Otherwise skip to step 9 to continue with the export.

  5. Under Display Entries, choose Create.

    In the the Entry Settingsstep, enter the following values:

    • Entry NameSAPLogonTicketKeypair (the SAPLogonTicketKeypair-certentry is generated automatically)

    • Store Certificate: X

    • Algorithm: DSA

    In the Owner Propertiesstep, note that there must be a value for every key under Value.

    The value CN=Common Nameis displayed as the owner in transaction STRUSTSSO2 and is used to identify the certificate. We recommend using <HOSTNAME_PORT> from the portal server.

  6. To create the certificate, press Finishin the Summarystep.

  7. Under Entries, select SAPLogonTicketKeypair-cert.

  8. Choose New Entries.

  9. Export the portal certificate as <PORTAL_SID>_certificate.crtin the file format X.509 Certificate (*.crt).

Import the Portal Certificate to the BW System

  1. In transaction STRUSTSS02, choose Start of the navigation path Import  Next navigation step Certificate End of the navigation pathand import file <PORTAL_SID>_certificate.crtin binary format.

  2. To add the certificate to the SSO access control list (ACL), choose Start of the navigation path Edit  Next navigation step Certificate in ACL End of the navigation path.

    For the portal, you can specify the system ID of the portal as the system and the value of parameter logon.ticket_clientas the client. If the logon.ticket_clientparameter has not been defined, client 000 can be used.

    The system ID of the portal is specified when the portal is installed and can be found in the file path for the portal: #/<PORTAL_SID>/JC<Instance Number>/j2ee/cluster/server<Number>/#

  3. To add the certificate to the list of certificate, choose Start of the navigation path Edit  Next navigation step Add Certificate End of the navigation path.

  4. If you want to distribute the settings across multiple application servers, choose Distributein the context menu for the tree on the left.

    There may be a time delay when distributing the certificate. If necessary, check again whether the certificate has been successfully distributed.

  5. Save your entries.

When changing user management in the portal, it might be necessary to create a new certificate and import it into the BW system. The certificate for the portal is automatically regenerated when the Application Server Java is restarted. It can then be re-exported.

Check

You can check whether the portal certificate was imported successfully by calling a BEx Web application. You should not be prompted for a password.