Outbound (Sending Messages to an External System) 

In this scenario of sending messages from the Integration Server through the Adapter Engine to an external system, AS Java acts as the SSL client. Therefore the public certificate issuer (CA) cert of the SSL server needs to be imported to the TrustedCAs keystore view. To do so, use the SAP NetWeaver Administrator and choose Configuration Management → Security Management → Key Storage.

This is sufficient for the SSL handshake to succeed, in the case of basic authentication.

Whether basic authentication or client certification is to be used is configured in the receiver channel configuration (outbound) of the specific adapter in the Integration Directory (if supported).

For the Adapter Engine it is possible to select the client certificate authentication. When selected, the name (alias) of the private key and public certificate needs to be specified as well as the keystore view, in which the key and cert can be found (as imported to the Java keystore).

The private key and certificate of the user can either be present as one entry (with one name) in the specified keystore view (if both were imported in one step from one .p12file), or as two entries (if the key was imported separately from the client certificate as .p8and .crt(or .cert- Base64 encoded) files).

In the second case, the certificate has to be present as the exact name/alias of the private key with an additional _cert suffix.