Show TOC Start of Content Area

Procedure documentation Creating a Key Pair and Public-Key Certificate and Signing It

Use

Here you will find information on how to generate a new private key and certificate (referred to as keypair) and then sign the certificate using an external Certification Authority (CA).

Procedure

Step 1: Creating a New Key Storage View

Thisview is the location where you build and work with the certificates and private keys that you manage in Key Storage.

...

       1.      Call the SAP NW Administrator.

       2.      Choose the Configuration tab.

       3.      Choose the Certificates and Keys link.

       4.      Open the Key Storage tab.

       5.      Choose Create View.

       6.      Specify the keystore view properties:

       Name (Mandatory) - for example, My_keystore_view

       Description (Optional) - for example, a tutorial keystore view.

       PSE image (Optional)

       7.      Finally, choose Create.

Step 2: Generating the New Key and Certificate:

...

       1.      Select the view - for example, My_keystore_view, from the Key Storage Views.

       2.      In the View Entries tab, choose Create.

       3.      Define the settings for the new entry.

In the View Entries tab choose Create.

In the View Entries tab choose Create.

                            a.      In the Entry Name field, specify the name of the newly generated keypair

                            b.      Choose the RSA certificate algorithm from the Algorithm.

You can choose between RSA (Rivest, Shamir, Adleman) or DSA (Digital Signature Algorithm).

                            c.      Leave the default certificate key length in Key Length.

                            d.      Specify a certificate validity period in the Valid From and Valid To fields.

Note

The values you specify must be in the American standard yyyy-mm-dd.

       4.      Choose Next.

       5.      Specify the properties of the certificate:

                            a.      countryName – specify your country two-letter code. For example: US.

                            b.      commonName – specify a common name for the certificate. For example: my_cert.

       6.      Choose Next.

       7.      Do not change the settings here. Choose Next.

       8.      Check your settings and choose Create.

You have successfully generated a new keypair entry in Key Storage. You can see the generated key and certificate in the Keystore Entries list.

Step 3: To sign the certificate with a CA, export the certificate to the file system as a certificate signing request (CSR).

...

                             Choose the newly generated private key entry from the View Entries list.

Choose the newly generated private key entry from the View Entries list.

sklfgjk Choose the newly generated private key entry from the View Entries list.

       1.      Choose the newly generated private key entry from the View Entries list.

       2.      Choose Generate CSR Request button.

       3.      As a format, choose Base64 PKCS#10.

       4.      Download and save your file.

       5.      Send the file to a CA for signing.

       6.      Import the received certificate signing response to the same private key entry by choosing the Import CSR Response button.

                             Choose Generate CSR Request button.

End of Content Area