Keystore Administration (SAP Library - Authentication and Single Sign-On)

Keystore Administration

Use

The keystore administration tool allows administrators to download the verify.der and verify.pse files which contain the Portal Server’s certificate.

The keystore administration tool only contains TicketKeystore which contains the private and public key of the Portal Server and its certificate. You manage all other keystores using the Key Storage service in the Visual Administator. Certificates of Certification Authorities (CA) that the portal trusts are stored in the TrustedCAs keystore.

Prerequisites

To use the keystore administration tool, administrators must be assigned to the System Administration role.

They must also be assigned to the J2EE Engine security role administrators. By default this role is assigned to the group Administrators so it should suffice to assign the user to the Administrators group.

Integration

The keystore administration tool is based on the portal component com.sap.portal.usermanagement.admin.KeystoreComponent. This component is included in the System Administration role.

Features

With the keystore administration tool you can:

· View contents of TicketKeystore

· Import certificates into TicketKeystore

· Download portal server certificate (verify.der) as a ZIP file

· Download all certificates trusted by the portal in PSE form (verify.pse) as a ZIP file

Activities

Accessing Keystore Administration

In the portal, choose System Administration → SystemConfiguration → Keystore Administration.

Using Keystore Administration

Activity	Action
View contents of TicketKeystore	Choose Content.
Import certificates of trusted entities into TicketKeystore	... 1. Choose Import Trusted Certificate. 2. Browse to the certificate file. The file must be in DER format. PSE format is not supported. 3. Enter an alias for the certificate. The alias must have less than 150 characters and may not contain double quotation marks ("), dollar signs ($), braces ({, }), spaces, and asterisks (*). 4. Choose Upload.
Download verify.der or verify.pse.	... 1. Choose Content. 2. Scroll to the bottom of the screen. 3. Choose Download verify.der File or Download verify.pse File as required.