Exporting and installing the Secure Sockets Layer (SSL) certificate

This topic describes the procedure to export and install the SSL certificate.

About this task

Note: The steps to export the certificate are valid for both supported versions of SAP NetWeaver Application Server Java: 7.3 EHP1 SP6 Patch 3, or 7.4 SP1 Patch 3, or later versions.

Procedure

  1. Start the SSL configuration tool in the SAP NetWeaver administrator. Go to Configuration Management > Security > SSL.
  2. Select the added SSL access point or port in the SSL Access Points section. Port details are displayed.
  3. From the Server Identity tab, select the private key entry, and choose Export Entry to export the server certificate directly from its private key entry.
  4. In the Export Entry to File dialog box, select export format PKCS#8 Key Pair.
    Two files are created: a PKCS#8 key pair file and an X.509 certificate file.
    For example, ssl-credentials-cert1.crt.
  5. Download the certificate file and store it in the same directory as the client keystore, for example, the cacerts file of the Java Virtual Machine of IBM Security Directory Integrator. The location of the keystore or the cacerts file depends on the location of the Java Virtual Machine of IBM Security Directory Integrator. The default location is ITDI_HOME\jvm\jre\lib\security\cacerts.
  6. Import the downloaded certificate to the IBM Security Directory Integrator keystore by using the keytool utility. By default, the keytool utility is located in the ITDI_HOME\jvm\jre\bin\ directory.
    1. In a command prompt, navigate to the directory ITDI_HOME\jvm\jre\lib\security.
    2. Run the following command.
      keytool -import -alias <local_alias or certificate_name> -file <certificate_file> -keystore <keystore_name>
      Where,
      • <local_alias or certificate_name> is the unique name to identify the certificate entry in the Java Virtual Machine keystore.
      • <certificate_file> is the name of the SSL certificate from SAP NetWeaver Application Server Java.
      • <keystore_name> is the name of the keystore file that is used by the SAP UME adapter. The default value is cacerts.
      For example, keytool -import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts
  7. Enter the keystore password. The initial password of the cacerts keystore is changeit.
  8. Type y and press Enter at the prompt that asks you to confirm that you trust the certificate to be imported.

Results

The SSL certificate is added to the client keystore cacerts.
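
Before answering y at the trust prompt in step 8, confirm that the downloaded file is the certificate that was exported in step 4. The following script is an added example, not part of the original procedure or of any IBM or SAP tooling: it computes the SHA-256 fingerprint of the exported certificate file (PEM or DER) so that it can be compared with a reference value obtained from the SAP NetWeaver administrator over a separate channel. The script name check_cert.py and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def load_der(raw: bytes) -> bytes:
    """Return the DER bytes of an exported certificate file (PEM or DER)."""
    match = PEM_RE.search(raw)
    if match:
        try:
            body = b"".join(match.group(1).split())
            return base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("corrupt PEM body") from exc
    if raw[:1] == b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE
        return raw
    raise ValueError("not a PEM or DER X.509 certificate file")


def fingerprint(raw: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(load_der(raw)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(raw: bytes, expected: str) -> bool:
    """Compare with a reference fingerprint, ignoring case and separators."""
    clean = lambda fp: re.sub(r"[\s:]", "", fp).upper()
    return clean(fingerprint(raw)) == clean(expected)


# Constructed stand-in bytes (not a real certificate) to exercise both formats.
SAMPLE_DER = b"\x30\x82\x01\x12" + bytes(range(256)) + b"constructed-sample"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Usage: python check_cert.py ssl-credentials-cert1.crt [expected_fingerprint]
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    print("SHA-256:", fingerprint(data))
    if len(sys.argv) > 2 and not matches(data, sys.argv[2]):
        sys.exit("fingerprint mismatch: do not import this certificate")
```

When a reference fingerprint is passed as the second argument, the script exits with a non-zero status on a mismatch, so it can gate the keytool import in a batch file.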