Download the public-key certificate of the Portal Server
Use the Keystore Administration functions of the SAP NetWeaver Administrator to download the verify.der file from the portal.
Import public-key certificate of the Portal Server to the component system's certificate list and add the Portal Server to the ACL of the component system
Both of these steps can be performed with transaction STRUSTSSO2, which is an extended version of transaction STRUST. For detailed documentation on transaction STRUST, see the Web Application Server documentation under Security → Trust Manager.
A screen with the following layout appears.
The PSE status frame on the left displays the PSEs that are defined for the system.
The PSE maintenance section on the top right displays the PSE information for the PSE selected in the PSE status frame.
Below that, the certificate section displays certificate information for a certificate that you have selected or imported.
The Single Sign-On ACL section on the bottom right displays the entries in the ACL of the system.
The layout of the transaction varies slightly, depending on the release of the SAP system.
The Import Certificate screen appears.
If you are using an Add-In installation, you must change the client to a value other than 000 . For more information, see Specifying the AS Java Client to Use for Logon Tickets .
The other values are taken from the certificate.
The SAP component systems are able to accept logon tickets and verify the portal server's digital signature when they receive a logon ticket from a user.