Show TOC

 Replacing the Key Pair to Use for Logon TicketsLocate this document in the navigation structure

Use

There are several use cases for replacing the key pair to use for logon tickets on the AS Java, for example:

  • You must replace one of the key pairs so that the Distinguished Names are unique.
  • You must replace the key pair used for logon tickets before the public-key certificate expires.

This procedure describes how to replace the AS Java's key pair to use for logon tickets.

When creating the key pair, you must use the following information.

  • The key pair must exist in the keystore view TicketKeystore .
  • The entry must have the name SAPLogonTicketKeypair .
  • Later, you have to be able to export the public-key certificate so that you can import it into the accepting servers' keystores or Personal Security Environments (PSEs). Therefore, store the public-key certificate separately using the Store certificate option.
  • Use the DSA algorithm.
Procedure

Using the Key Store management functions of the SAP NetWeaver Administrator:

  1. Select the TicketKeystore view.
  2. Delete the SAPLogonTicketKeypair and SAPLogonTicketKeypair-cert entries.
  3. Create a Key Pair and a Public-Key Certificate with the following properties.

    For more information about creating key pairs in a key store view, see Creating a Key Pair and Public-Key Certificate .

    1. Enter SAPLogonTicketKeypair as the key pair Entry Name.
      Caution

      Do not enter a different name. This AS Java uses the entry with this name to sign logon tickets.

    2. Choose DSA as the algorithm to use.
    3. Select the options to store the public key certificate
    4. Enter the Subject Properties in the corresponding fields.

      The entries in these fields build a Distinguished Name in the form:

      CN=<Common Name>, OU=< Organization Unit Name >, O=< Organization Name >, L=< Locality Name >, ST=< State/Province >, C=DE

      Note

      Use capital letters for the Country Name.

Result

The AS Java uses this public-key certificate to digitally sign logon tickets.

You must also import this key pair into all ticket-accepting systems.