on 06-15-2016 12:10 PM
In order to encrypt the communication between IDM and AS Java during the Initial load or any other jobs, you may want to use HTTPs instead of HTTP for a JAVA server. However, if you choose the https protocol, you may get an error in Initial Load job. Error message looks like this
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
CERT have been imported -> jre/lib/security
someone has similar problems ?
many many thanks
Stefan
solution http://scn.sap.com/community/idm/blog/2014/06/20/as-java-initial-load-with-https 1) JRM Directories on the server /usr/sap/SID/sapjvm_6/jre/lib/security 2) Check Show which cacerts store certificates keytool -list -keystore cacerts You will be prompted to enter the password for the store. The default password is changeit http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html 3) Export certificate from the browser's Java system 4) Import the certificate with the help of the following command keytool -keystore cacerts -importcert -alias SID -file SID.cer 5) follow-up keytool -list -keystore cacerts best regards Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You have to import the ssl certificate of the remote server into the JRE of the IdM runtime.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you installed them into NWA or into the JRE? How to import a .cer certificate into a java keystore? - Stack Overflow
Installs in NWA and in keystore JRE please refer instructions. http://scn.sap.com/community/idm/blog/2014/06/20/as-java-initial-load-with-https This is because the Java‘s server certificate is not trusted by your IDM java program. All you need to do is to add server's (or root) certificate into JRE's default trust store. The JRE's trust store is located under jre/lib/security. The file name is cacerts without extension. Try command keytool -importcert -file RootCA.crt -keystore cacerts thank you
OK, once again.
1. You want to connect to an AS Java Server via SSL.
2. You have to download SSL the certificates from AS Java via NWA.
3. You have to import these certificates via the java keytool command line program into the keystore (file) of the Java Runtime (JRE) the IdM runtime is using. The certificates are stored inside this JRE keystore file.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.