Keystore Administration

Use

The keystore administration functions of the SAP NetWeaver Administrator tool enable you to download as files the portal server certificate and the portal personal storage environment ( PSE ) which contain the portal's certificate. The certificate file can be uploaded to SAP NetWeaver Application Server (AS) ABAP or AS Java systems that accept portal tickets.

You manage all keystores using the key storage functions of the SAP NetWeaver Administrator. The TicketKeystore contains the private and public key of the portal and its certificate. Certificates of Certification Authorities (CA) that the portal trusts are stored in the TrustedCAs keystore.

Prerequisites

To use the key store administration functions of the SAP NetWeaver Administrator, you must be assigned to the System Administration role.

Features

With the key storage administration functions of the SAP NetWeaver Administrator, you can do the following:

View contents of TicketKeystore
Import certificates into TicketKeystore
Download a portal server certificate ( equivalent to verify.der ) as a ZIP file
Download all certificates trusted by the portal in PSE form ( verify.pse ) as a ZIP file

Activities

Accessing Keystore Administration

To access keystore administration in the SAP NetWeaver Administrator, enter the following URL:

<http/https>://< AS_Java_hostname>:< HTTP_port>/nwa/key-storage

Using Keystore Administration

Activity	Action
View contents of `TicketKeystore`	Select `TicketKeystore` from the list of available keystore views.
Import certificates of trusted entities into `TicketKeystore`	On the `Content` tab, choose `Import Entry` . The `Entry Import` dialog appears. In `Select Entry Type` :, choose `X.509` and browse to the location of the exported entry. Here you have three choices, depending on the type of entry you want to import: `X.509` `PKCS#12 Key Pair` `PKCS#8 Key Pair` Choose `Import` .
Download portal server certificate	Select `SAPLogonTicketKeypair-cert` from the list of available view entries. Choose `Export Entry` . Choose `Binary X.509 Certificate File` for the download format. The downloaded file is equivalent to the portal server certificate `verify.der` that was available in previous SAP NetWeaver versions. The certificate can be uploaded to a portal ticket accepting AS ABAP or AS Java systems.

Activity

Action

View contents of TicketKeystore

Select TicketKeystore from the list of available keystore views.

Import certificates of trusted entities into TicketKeystore

On the Content tab, choose Import Entry .
The Entry Import dialog appears.
In Select Entry Type :, choose X.509 and browse to the location of the exported entry. Here you have three choices, depending on the type of entry you want to import:
- X.509
- PKCS#12 Key Pair
- PKCS#8 Key Pair
Choose Import .

Download portal server certificate

Select SAPLogonTicketKeypair-cert from the list of available view entries.
Choose Export Entry .
Choose Binary X.509 Certificate File for the download format.

The downloaded file is equivalent to the portal server certificate verify.der that was available in previous SAP NetWeaver versions. The certificate can be uploaded to a portal ticket accepting AS ABAP or AS Java systems.