Start of Content Area

 Exporting and Importing Portal Certificates  Locate the document in its SAP Library structure

Use

The portal certificate is required for displaying content from the BW system in the portal and must be imported after the export from the BW system.

Procedure

Exporting the Portal Certificate from the Portal

...

       1.      Start the SAPNetWeaver Administrator using <PORTAL_VERZEICHNIS>\admin\go.

       2.      Connect to the portal server.

       3.      In the tree, choose <SID>/Server<…>/Services/Key Storage.

       4.      Under Views, select the TicketKeystore view.

       5.      If the SAPLogonTicketKeypair-cert is not available under Entries, generate a portal certificate using the following steps. Otherwise skip to step 9 to continue with the export.

       6.      Under Entry, choose Create.

Enter the following values in Key and Certificate Generation:

       Subject Properties: Every key must have a value under Value.

The value CN=Common Name is displayed as the owner in transaction STRUSTSSO2 and is used to identify the certificate. We recommend that you use <HOSTNAME_PORT> from the portal server.

       Entry Name: SAPLogonTicketKeypair (the entry SAPLogonTicketKeypair-cert is generated automatically)

       Store Certificate: X

       Algorithm: DSA

       7.      To generate the certificate, choose Generate.

       8.      Under Entries, select SAPLogonTicketKeypair-cert.

       9.      Under Entry, click Export.

   10.      Export the portal certificate as <PORTAL_SID>_certificate.crt in the file format X.509 Certificate (*.crt).

Import the Portal Certificate to the BW System

...

       1.      In transaction STRUSTSS02, choose Certificate ® Import and import file <PORTAL_SID>_certificate.crt in binary format.

       2.      To add the certificate to the SSO access control list (ACL), choose Edit ® Certificate in Access Control List (ACL).

For the portal, you can specify the system ID of the portal as the system and the value of parameter logon.ticket_client as the client (see Configure User Management in the Portal). If the logon.ticket_client parameter is not maintained, client 000 can be used.

The system ID of the portal is specified when the portal is installed and can be found in the file path for the portal: #/<PORTAL_SID>/JC<Instance Number>/j2ee/cluster/server<Number>/#

       3.      To add the certificate to the list of certificates, choose Edit ® Add Certificate.

       4.      If you want to distribute the settings across multiple application servers, select Distribute in the context menu for the tree on the left.

There may be a time delay when distributing the certificate. If necessary, check repeatedly whether the certificate was successfully distributed.

       5.      Save your entries.

When changing user management in the portal, it might be necessary to create a new certificate and import it into the BW system. The certificate for the portal is automatically regenerated when the Application Server Java is restarted. It can then be re-exported.

Check

You can check whether the portal certificate was imported successfully by calling a BEx Web application. You should not be prompted for a password.

 

 

End of Content Area