By default the AS Java keystore has several views that are related to the use of SSL:
By default the AS Java uses port 50001 for SSL communications. The corresponding keystore view that holds the AS Java key-pair and trusted CA certificates is ICM_SSL_<instance_ID> .
There are two additional keystore views - ICM_SSL_<instance_ID>_<port> that can be used for opening other SSL ports (the <port> part of the name of the view shows which port can be opened for SSL by that view).
For more information about the entries that each of these views must contain, see: Configuration of the AS Java Keystore Views for SSL
For more information about how to setup a keystore view for SSL, see: Configuring the SSL Key Pair and Trusted X.509 Certificates
To use any of these views, their content must be exported to a Personal Security Environment (PSE) file that corresponds to the given view. You must also re-export the content of a view every time you make a change in that view. Additionally the Internet Communications Manager (ICM) must be restarted, so the changes can take effect.
The service_ssl view stores the default key-pair that is generated after the installation. We recommend that you limit the use of the default key-pair to testing purposes.
You can manage the cipher suites for inbound SSL connections by using the ICM profile parameter ssl/ciphersuites . For more information about managing the cipher suites, see section 6 in SAP note 510007.
The cipher suites for outbound SSL connections cannot be managed.
By using the SSL configuration tool, you can open an arbitrary number of ports to use for SSL. Optionally, you can create more keystore views for these ports. The rules that apply to these views are the same that apply to the ICM_SSL_<instance_ID> and ICM_SSL_<instance_ID>_<port> views.
For more information about opening new SSL ports, see: Adding New SSL Access Points
For more information about the rules for SSL views, see: Configuration of the AS Java Keystore Views for SSL