Providing the Certificates for the Java Client
The Java client requires the following so that it can communicate with the Web server using a secure connection:
A client certificate
The root certificate of the CA that issues the client certificate
You manage both certificates for the Java client using the SAP NetWeaver Administrator.
The SAP NetWeaver Administrator is a Graphical User Interface (GUI) that you can use to administrate and monitor the Application Server Java.
Process Flow
The graphic below depicts the steps required and the order in which you carry them out.
Use SAP NetWeaver Administrator to create a keystore for the Java client on the server of the application that is using TREX. The keystore is a file that contains the public and private key of the certificate owner and that is protected by a password.
You then create a certificate request.
Send this request to the CA.
As soon as the CA has issued the client certificate, you can collect it along with the root certificate of the CA.
You import both the client certificate and the root certificate using the SAP NetWeaver Administrator.
You then create user-based permissions so that all users have access to the keystore you created (TREXKeyStore).
Configuring Authentication on the TREX Web Server
When you provide the certificates for the TREX Web server, you enter the owner and issuer of the client certificate into the configuration file TREXcert.ini (Windows/IIS) or httpd.conf (UNIX/Apache Web Server) so that the Java client can authenticate itself with the Web server. You do this after providing the certificates for the TREX Java client.