Exporting and Installing the SSL Certificate in SAP Identity Management

SSL certificate should be exported from the SAP NetWeaver Administrator and imported to the keystore used by the client Identity Management Developer Studio. This is required for communicating securely with the server.
To export and install the SSL, please follow the below steps:
Login to java server of idm : https://<hostname>:<portnumber>/


Exporting and Installing the SSL Certificate in SAP Identity Management

Click on SAP NetWeaver Administrator. Now you will login to SAP NWA with credentials.

Exporting and Installing the SSL Certificate in SAP Identity Management

Choose configuration tab and open SSL.

Exporting and Installing the SSL Certificate in SAP Identity Management

Select the added SSL access point (port) in the SSL Access Points section. The details of the selected port will be displayed.

Exporting and Installing the SSL Certificate in SAP Identity Management

From the Server Identity tab for the SSL port, select the private key entry and choose Export Entry to export the server's certificate directly from its private key entry.

Exporting and Installing the SSL Certificate in SAP Identity Management

In the Export Entry to File dialog box, select export format PKCS#8 Key Pair.
Note: Two files will be produced, a PKCS#8 key pair file and an X.509 certificate file (for example ssl-credentials-cert1.crt). Download the certificate file and store it in the same directory as the client keystore (i.e. the cacerts file of the Identity Management Developer Studio). The location of the keystore (the cacerts file) depends on the location of your Java Virtual Machine, by default <JAVA_HOME>\jre\lib\security\cacerts.


Exporting and Installing the SSL Certificate in SAP Identity Management

Save the certificate in Java home directory.

Exporting and Installing the SSL Certificate in SAP Identity Management

Exporting and Installing the SSL Certificate in SAP Identity Management

The certificate is downloaded, import it to client's keystore cacerts by using the keytool utility.
In a command prompt, navigate to the directory <JAVA_HOME>\jre\lib\security\ and use the following command: keytool -import -alias <local certificate name> -file <certificate file> -keystore cacerts.
For example: keytool -import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts.

Run command as below: 
C:\Program Files\Java\jre1.8.0_181\lib\security>"C:\Program Files\Java\jre1.8.0_181\bin\keytool"-import -alias my_ssl_cert3 -file ssl-credentials-cert1.crt -keystore cacerts

Note: Change file name my_ssl_cert everytime depending on system e.g dev/QA etc

Exporting and Installing the SSL Certificate in SAP Identity Management

Provide full access to Cacerts file in java home directory.

Exporting and Installing the SSL Certificate in SAP Identity Management

Go back to Command.
You will be asked to provide a keystore password.
The initial password of the cacerts keystore is changeit. You are asked if you trust the certificate you are about to import. Type Y and press.

Exporting and Installing the SSL Certificate in SAP Identity Management

The certificate will be added to the client keystore cacerts.
Now Go to Eclipse and choose system for login. It will prompt for user id and password.

Cheers!!

Comments

Post a Comment