
Using the AS Java Key Storage

Use

The Key Storage management functions of the SAP NetWeaver Administrator enable you to manage AS Java certificates and keys. You access the server credentials from multiple virtual key stores called keystore views. The keys and certificates in the Key Storage views can be used for encryption, identification and verification purposes when using AS Java functions. The Key Storage entries themselves are stored in a distributed database and can be assigned particular access rights using code-based security.

The service is compatible with the Java Cryptography Architecture.

Features

The Key Storage functions of the SAP NetWeaver Administrator are supported by the keystore service and interface of the AS Java. The AS Java keystore service represents an enhanced implementation of the java.security.KeyStore interface, used by the AS Java for cryptographic functions.

The AS Java installation includes the following set of default keystore views. When the keystore service of the AS Java starts, it checks whether views with the same names already exist. If there are any, new views are created and the corresponding default images for these views are imported.

| View Name | Description |
| --- | --- |
| service_ssl | Template view that contains the initial key pair for creating new ICM_SSL_<instance_ID> keystore views. Used to support SSL on the AS Java. For more information, see Configuring the use of SSL on the AS Java. |
| javamail | Contains the client key pair that is used by the AS Java javamail client to send e-mail over SSL. The key pair is generated by the AS Java keystore service, using an image file provided by the javamail service. |
| TrustedCAs | Template keystore view that contains trusted server certificates. This view can be accessed by applications to check certificates for trusted systems, without having to configure code-based security permissions for the corresponding application. |

Aside from default views, the AS Java keystore also includes the following views that are created and maintained by other services.

| View Name | Description |
| --- | --- |
| DEFAULT | Represents a public view for common use by all components. Contains the symmetric key that is used for signing and validating ticket objects for security session management. Created by the keystore service of the AS Java. |
| TicketKeystore | Contains the key pair to use for issuing logon and assertion tickets, as well as the certificates for all trusted ticket issuing systems. Created and used by the security service of the AS Java. |
| UMEKeystore | Contains a key pair used by the UME provider service of the AS Java. Created by the UME provider service of the AS Java. |
| securestorage | Contains the symmetric keys for encrypted Secure Storage content. Created by the secure storage service of the AS Java. |
| ICM_SSL_<instance_ID> | Contains the SSL key pair and trusted server certificates for client authentication over SSL. Created by the SSL service upon activation of an SSL port in the ICM. |

Activities

Using the SAP NetWeaver Administrator Key Storage management functions, you can:

- Manage the keystore views. For more information, see Managing Key Storage Views.
- Manage keystore entries. For more information, see Managing Entries.
- Create new certificates. For more information, see Creating a Key Pair and Public-Key Certificate.
- Manage CSR requests and responses. For more information, see Creating a Key Pair and Public-Key Certificate and Signing It.
- Use code-based permissions to manage the security relations between the Key Storage service's components and the installed applications. For more information, see Managing Code Based Permissions.

See also:

- Importing Certificate and Key From the File System
- Configuring the Use of SSL on the AS Java
- Managing the Credentials and Trusted Certificates to Use SSL
- Managing Cryptography Providers
