Former Member

How to import .cer certificate to HCI keystore

Hi All

I am having difficulty understanding how to upload the .cer certificate to the HCI keystore, as it only accepts .jks or jkes format there. I tried saving the same file as .jks, but it did not help.

Kindly shed some light on it.

Thanks a lot

Naina


5 Answers

  • Best Answer
    Nov 02, 2017 at 07:58 AM

    Hello Naina,

    You will not be able to upload the certificates directly from Eclipse by appending certificates to System.jks, as was possible earlier. Now you have to follow the steps below in the WEBUI.

    Blog 1: (To get an overview of how to generate a JKS file)

    https://blogs.sap.com/2017/06/19/cloud-integration-how-to-setup-secure-outbound-http-connection-using-keystore-monitor/

    Blog 2: (How to upload a JKS to the CPI tenant via the WEBUI and make your scenario work)

    https://blogs.sap.com/2017/06/19/cloud-integration-keystore-monitor-now-available-for-tenant-administrator/

    Blog 3: (How to take a backup of certificates via the WEBUI)

    https://blogs.sap.com/2017/08/14/cloud-integration-backuprestore-using-keystore-monitor/

    Let me know if you still find any difficulties with certificates.

    Regards,

    Sriprasad Shivaram Bhat


    • Former Member

      Hi Sriprasad

      I need major help here.

      My client has only provided a sha384RSA 2048 certificate with PKCS padding (.cer). They say it should be used for encryption in HCI as a MLS. They also asked to use Base 64 encoding after the encryption is done.

      They have not provided any public key or anything apart from that.

      So for TLS I downloaded the public certificates from their website and that works fine.

      I also used Keystore Explorer to add this .cer to a newly created Java keystore and added it to my HCI keystore.

      https://******.ap1.hana.ondemand.com/itspaces/shell/monitoring/Keystore

      It is not encrypting by itself.

      What should be the next step to call their .cer (sha384RSA 2048 certificate with PKCS padding) in my scenario?

      It's very urgent and I am not able to find any solution to this.

      • Do I need to get more keys?
      • Do I need to use a Java program to encrypt here?

      Please help me with this.

      Regards

      Naina

  • Nov 01, 2017 at 05:44 PM

    In HCI you need to create a Java Key Store. Don't rename the certificate; that is invalid.

    Check these blogs: HCI Certificates.

    And also please tag your query to HCI.

    Br,

    Manoj

  • Former Member
    Nov 02, 2017 at 06:14 AM

    Hi Manoj

    I can see system.jks in the deployed artifacts and I want to download it in order to add the .cer certificate to it, but the field is disabled there.

    Can I create a fresh keystore using the Keystore Explorer tool, add the cert to it and upload it? Will it work?

    Kindly help.

  • Former Member
    Nov 09, 2017 at 06:34 AM

    Manoj,

    Need urgent help... please share your email ID.


    • As per the blog, there is no restriction to use the existing system.jks keystore. You can create your own keystore as well.

      To add the root certificate of the receiver system's private key, open an existing keystore in Keystore Explorer or create a new keystore. Easiest is to just create a new one; select JCEKS as the type for the new keystore.

      I am not sure if HTTP has an inbuilt MLS feature; if not, then you have to go for a script.

      And the private key for your tenant would usually be sent in the initial mail from SAP with your tenant/management/runtime URL; however, you can create a new pair as well. link

      Please re-tag your query to : SAP Cloud Platform Integration for process services

  • Nov 10, 2017 at 06:24 AM

    Hello Naina,

    You need to use the .cer file provided by your 3rd party in the Public key alias of the PKCS7 encryptor. To upload this .cer file to the keystore, you need to create a .jks file. You can use the system.jks file if you know its password; otherwise create a new .jks file and upload it to the HCI keystore.

    You can use Keystore Explorer to add the .cer file. Once uploaded, use the alias of the .cer file in the PKCS7 encryptor.

    Regards,

    Nitin Deshpande
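
The step described in this answer (a new .jks that holds the partner's .cer as a trusted entry), done with the JDK's `keytool` instead of Keystore Explorer. This is an added example, not part of the original answer; the function name, file names, alias and the `KS_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example: create a NEW JKS file containing a partner's public
# certificate (.cer) as a trusted certificate entry.
# Hypothetical names: import_cer_to_jks, KS_PASS, partner.cer, partner_enc.

import_cer_to_jks() {
  cer="$1"; alias_name="$2"; jks="$3"

  [ -r "$cer" ] || { echo "cannot read certificate: $cer" >&2; return 1; }
  # The password is taken from the environment so it does not show up
  # in the process list or in shell history.
  [ -n "${KS_PASS:-}" ] || { echo "export KS_PASS first" >&2; return 1; }
  # This example only creates a new keystore; it never touches an existing one.
  [ ! -e "$jks" ] || { echo "$jks already exists" >&2; return 1; }

  # Print subject, issuer, validity and fingerprints. Compare the SHA-256
  # fingerprint with the value the partner gives you over a separate channel
  # before trusting the file. keytool reads both DER and PEM encoded .cer.
  keytool -printcert -file "$cer" || return 1

  # A .cer holds only a public certificate, so it is stored as a
  # trustedCertEntry; no private key is involved.
  keytool -importcert -noprompt -alias "$alias_name" -file "$cer" \
    -keystore "$jks" -storetype JKS -storepass:env KS_PASS || return 1

  # Confirm the alias exists and has the expected entry type.
  keytool -list -keystore "$jks" -storetype JKS -storepass:env KS_PASS \
    -alias "$alias_name" | grep -q trustedCertEntry
}

# Run only when called with arguments, e.g.:
#   KS_PASS='...' sh import_cer.sh partner.cer partner_enc partner.jks
if [ "$#" -ge 3 ]; then
  import_cer_to_jks "$1" "$2" "$3"
fi
```

The alias passed here is the value that later goes into the encryptor's public key alias field, so keep it stable between keystore uploads.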


    • Former Member

      I did the same, but my client doesn't want to use any symmetric key at their end... just RSA/ESB/PKCS#1 padding is what they are using.

      How to use the PKCS encrypter in that case, as it's mandatory to use one of the content encryption algos there?