Show TOC Start of Content Area

Procedure documentation Exporting the Ticket-Issuing Server's Public-key Certificate  Locate the document in its SAP Library structure

Use

In cases when you want to manually upload the ticket-issuing server’s certificate using the configuration wizard, first you have to export the certificate of that server.

Procedure

Exporting the Certificate of J2EE Engine

Use the Key Storage service of the J2EE Engine to export the certificate from the TicketKeystore view:

       1.      Using the Key Storage service on the ticket-issuing server, select the TicketKeystore view and the SAPLogonTicketKeypair-cert entry.

       2.      Choose Export.

       3.      Use the file type X.509 Certificate with the extension .crt and choose OK.

Note

       If the ticket-issuing server is an Enterprise Portal 6.0 SP2 or lower, then use the Keystore Manager on the portal to export the public-key certificate. Rename the file to use the extension .crt.

       For an Enterprise Portal 5.0, the certificate is the verify.der file in the file system. Change the extension of this file to .crt. You can find more information in the Administration Guide for the Enterprise Portal 5.0 under Security  User Management and Security Files.

Exporting the Certificate of AS ABAP

If the ticket-issuing server is an AS ABAP, then use the trust manager to export the server’s public-key certificate:

...

       1.      Log on to the AS ABAP.

       2.      Start the transaction STRUST.

       3.      Select the Personal Security Environment (PSE) that is used for logon tickets (per default, this is the System PSE).

Note

In the following cases a PSE other than the System PSE is used:

      If the system has been upgraded from a Release <= 4.6B, then the PSE used for logon tickets is the SAPSSO2 PSE.

      If you have defined an explicit PSE to use for logon tickets, then this PSE (as specified in the table SSFARGS) is used.

       4.      The server’s public-key certificate appears in the upper section of the screen. The Distinguished Name appears in the Own. cert. field.

       5.      Select the Distinguished Name.

       6.      The certificate appears in the lower section of the screen.

       7.      Choose Certificate Export.

       8.      The Export Certificate dialog appears.

       9.      Save the certificate to a file. Use DER encoding and the extension .crt.

 

End of Content Area