Use
The portal certificate is required in order to display content from the BW system in the portal and must be imported being exported from the BW system.
Procedure
Exporting the Portal Certificate from the Portal
-
Start SAP NetWeaver Administrator at http://<host>:<httpport>/nwa.
-
Choose
KonfigurationSecurityCertificates and Keys. -
Under Keystore Views, select the TicketKeystoreview.
-
If you cannot find the SAPLogonTicketKeypair-certunder Display Entries, generate a portal certificate as follows: Otherwise skip to step 9 to continue with the export.
-
Under Display Entries, choose Create.
In the the Entry Settingsstep, enter the following values:
-
Entry NameSAPLogonTicketKeypair (the SAPLogonTicketKeypair-certentry is generated automatically)
-
Store Certificate: X
-
Algorithm: DSA
In the Owner Propertiesstep, note that there must be a value for every key under Value.
The value CN=Common Nameis displayed as the owner in transaction STRUSTSSO2 and is used to identify the certificate. We recommend using <HOSTNAME_PORT> from the portal server.
-
-
To create the certificate, press Finishin the Summarystep.
-
Under Entries, select SAPLogonTicketKeypair-cert.
-
Choose New Entries.
-
Export the portal certificate as <PORTAL_SID>_certificate.crtin the file format X.509 Certificate (*.crt).
Import the Portal Certificate to the BW System
-
In transaction STRUSTSS02, choose
Import Certificateand import file <PORTAL_SID>_certificate.crtin binary format. -
To add the certificate to the SSO access control list (ACL), choose
Edit Certificate in ACL.For the portal, you can specify the system ID of the portal as the system and the value of parameter logon.ticket_clientas the client. If the logon.ticket_clientparameter has not been defined, client 000 can be used.
The system ID of the portal is specified when the portal is installed and can be found in the file path for the portal: #/<PORTAL_SID>/JC<Instance Number>/j2ee/cluster/server<Number>/#
-
To add the certificate to the list of certificate, choose
Edit Add Certificate. -
If you want to distribute the settings across multiple application servers, choose Distributein the context menu for the tree on the left.
There may be a time delay when distributing the certificate. If necessary, check again whether the certificate has been successfully distributed.
-
Save your entries.
When changing user management in the portal, it might be necessary to create a new certificate and import it into the BW system. The certificate for the portal is automatically regenerated when the Application Server Java is restarted. It can then be re-exported.
Check
You can check whether the portal certificate was imported successfully by calling a BEx Web application. You should not be prompted for a password.
