Show TOC

Creating Trust Between Portal and Back-End SystemsLocate this document in the navigation structure


To enable communication between the portal system and the back-end system, you must establish trust between them. Trust between the systems is implemented by using public-key certificates. In general, the party wishing to open communication presents its certificate, and the target needs to accept the certificate authority for communication to proceed. In the current case, of establishing trust from the system landscape overview to the selected back end, trust is established between the two sides by a single action.


  • Trust is established using the default certificate only ( SAPLogonTicketKeypair-cert ).

  • The certificate is added to the back-end system ACL (access list) using the default client only (000).

Establishing Trust

  1. In the system landscape overview, select a system.

  2. Choose Establish Trust .

  3. In the Establish Trust dialog box that appears, enter the username and password necessary to access the back-end system and choose Apply .

Establishing Trust Manually

Export the Certificate from the SAP NetWeaver Administrator

  1. Access SAP NetWeaver Administrator, using the format hostname:port/nwa .

  2. Go to Start of the navigation path Configuration Next navigation step Security Next navigation step Certificates and Keys End of the navigation path.

  3. Go to the Key Storage tab, to the table Key Storage Views and the details of the TicketKeystore view.

  4. Choose the default certificate SAPLogonticketKeypair-cert .


    It is possible to create additional certificates for establishing trust.

  5. Choose Export Entry .

  6. In the Export Entry to File dialog box, select the required export format and then choose Download . Specify a location on the file system in which to save the exported key.

Import the Certificate into the Back-End System

  1. To establish trust at the back end, use the transaction strustsso2 and choose Import Certificate and select the certificate that you previously exported to the file system.

  2. Choose Add to Certificate List .

  3. Choose Add to ACL .


    You must choose the Add to ACL option for each system client that runs applications that are integrated into your portal.

  4. In the displayed dialog box, specify the system ID for the certificate, and specify 000 for the client. You can open the certificate to verify the system ID if needed.

  5. Choose Save .