
Managing the Credentials and Trusted Certificates to Use SSL

Keystore Views Used for SSL

By default the AS Java keystore has several views that are related to the use of SSL:

  • Three of these views are used when the AS Java acts as the server side in the SSL communication.
  • One template view, which is used for storing credentials and is not used productively.

AS Java Acting as the Server-side in the SSL Communication

By default, the AS Java uses port 50001 for SSL communications. The corresponding keystore view that holds the AS Java key-pair and trusted CA certificates is ICM_SSL_<instance_ID>.

There are two additional keystore views, named ICM_SSL_<instance_ID>_<port>, that can be used for opening other SSL ports (the <port> part of the view name shows which port can be opened for SSL by that view).

For more information about the entries that each of these views must contain, see: Configuration of the AS Java Keystore Views for SSL

For more information about how to set up a keystore view for SSL, see: Configuring the SSL Key Pair and Trusted X.509 Certificates

Note

To use any of these views, their content must be exported to a Personal Security Environment (PSE) file that corresponds to the given view. You must also re-export the content of a view every time you make a change in that view. Additionally, the Internet Communications Manager (ICM) must be restarted so that the changes can take effect.

The service_ssl Keystore View

The service_ssl view stores the default key-pair that is generated after the installation. We recommend that you limit the use of the default key-pair to testing purposes.
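
The following Python code is an added example, not part of the SAP documentation. It checks whether a PSE re-export and ICM restart took effect by comparing the certificate an SSL port serves with the certificate held in the keystore view, and flags a port that still serves the default key-pair. It assumes you have the view's certificate and the default service_ssl certificate as PEM text; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import socket
import ssl

DEFAULT_SSL_PORT = 50001  # default AS Java SSL port named on this page


def pem_fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes inside a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def fetch_served_der(host: str, port: int = DEFAULT_SSL_PORT, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the port presents. Chain validation is
    off because the certificate is only read and compared by fingerprint."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify_served_cert(served_der: bytes, view_pem: str, default_pem: str) -> str:
    """'default-keypair': port serves the installation default (testing only).
    'current': port serves the certificate held in the keystore view.
    'stale': neither; the view was probably changed without a PSE re-export
    and ICM restart, or a different view backs this port."""
    served = hashlib.sha256(served_der).hexdigest()
    if served == pem_fingerprint(default_pem):
        return "default-keypair"
    if served == pem_fingerprint(view_pem):
        return "current"
    return "stale"


# Constructed stand-in bytes, not real certificates; only the comparison matters.
SAMPLE_VIEW_DER = b"constructed-view-certificate"
SAMPLE_OLD_DER = b"constructed-previous-certificate"
SAMPLE_DEFAULT_DER = b"constructed-default-certificate"
SAMPLE_VIEW_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_VIEW_DER)
SAMPLE_DEFAULT_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DEFAULT_DER)

if __name__ == "__main__":
    for der in (SAMPLE_VIEW_DER, SAMPLE_OLD_DER, SAMPLE_DEFAULT_DER):
        print(classify_served_cert(der, SAMPLE_VIEW_PEM, SAMPLE_DEFAULT_PEM))
```

Against a live instance, pass the result of fetch_served_der(host, port) as served_der for each SSL port you have opened.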

Cipher Suites

You can manage the cipher suites for inbound SSL connections by using the ICM profile parameter ssl/ciphersuites. For more information about managing the cipher suites, see section 6 in SAP note 510007.

The cipher suites for outbound SSL connections cannot be managed.

Opening Other Ports for SSL

By using the SSL configuration tool, you can open an arbitrary number of ports to use for SSL. Optionally, you can create more keystore views for these ports. The rules that apply to these views are the same as those that apply to the ICM_SSL_<instance_ID> and ICM_SSL_<instance_ID>_<port> views.

For more information about opening new SSL ports, see: Adding New SSL Access Points

For more information about the rules for SSL views, see: Configuration of the AS Java Keystore Views for SSL