on 01-11-2011 5:57 AM
Hello all,
In PI 7.11 I have imported the certificate and key using NWA >Configuration Management> Security Management-> Key Storage.Created a View(for eg:Test_Certificate) and imported the Certificate and Key. But the customers is having PI 7.0 and they have to use the Visual Administrator for importing the digital certificate. My doubt is whether they should import to service_ssl or TicketKeystore.
Can a new view be created in Visual Administrator and import the certificate?Kindly tell me the steps.
(I am using the Digital certificate in UDF to sign the message using the Digital Signatures and Document Encryption API as specified here http://help.sap.com/saphelp_nw2004s/helpdata/en/18/6197044da2a745a4d588da33e0facf/frameset.htm)
your replies are appreciated.
Kind Regards,
Kubra fatima
Hi Kubra,
My recommendation is install the certificate in Default view, once you have implements the UDF class and get the certificate correctly, then change the certificate store.
The view service_ssl is used for open SSL connections, is not necessary to save the certificate in this view.
Best regards
Ivá
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My doubt is whether they should import to service_ssl or TicketKeystore.
service_ssl ...for more info http://help.sap.com/saphelp_nw04/helpdata/en/a6/98f73dbc570302e10000000a114084/content.htm
I remember using TicketKeystore for principal propagation.
Regards,
Abhishek.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Abhishek,
In PI 7.11 I have created a new KeyStorage View and under which I have imported the certificate.In PI 7.0 using Visual Administrator , to import the certificate there is an option to create a View under Runtime tab (Under Global Configuration u2013 Server Instance u2013 Services u2013 Choose Key storage).so can we create a new view and entry using this procedure?
As I have no access to Visual administrator and found this button(Create View) in some screen short in SDN document.
I want to know the details it will ask while creating the Kestorage View and entry.Also I want to know what are the different formats of digital certificate(for example in NWA we can import PKCS#12 or .cert) it support for importing the certificate.
Kindly help me .I have to reply to the customer with the detail steps who is working on PI 7.0
Kind Regards,
Kubra fatima.
As I have no access to Visual administrator and found this button(Create View) in some screen short in SDN document.
Check this help section: http://help.sap.com/saphelp_nw04/helpdata/en/53/b221e3b466b346860715a550ca987d/content.htm
for example in NWA we can import PKCS#12 or .cert
If you are Loading then it would be .cert (even .crt)
Thanks Abhishek for the link you have mentioned.
From the link it is clear that while creating a new Keystorage view we just need to specify a name for the new key storage view. similar to PI 7.11 in NWA
To import the certificate under created Keystorage View in PI 7.1 in NWA we follow the below procedure
(In the View Entries tab we choose Import Entry. The Entry Import dialog appears and we select the type of the entry we want to import from the Select entry type dropdown list. The list contains the options X.509 Certificate,PKCS#12 , and PKCS#8 I have selected PKCS#12 Key Pair and Enter path to PKCS#12 Key file and password. Choose Import.)
But in PI 7.0 to Manage Entries there are only to options
Export a key or certificate entry to the file system
Import a CSR response
specified at http://help.sap.com/saphelp_nw04/helpdata/en/53/b221e3b466b346860715a550ca987d/frameset.htm .
Can you please help to find the steps to manage the entry in Visual Administrator or what does load option do which is present in Entries tab.Kindly tell me the details it ask while loading or steps required to manage the certificate and key under created Keystorage View.
Kind Regards,
Kubra fatima.
This should answer many of your queries: /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator
what does load option do which is present in Entries tab.
If you have an already signed certificate then you load it into the J2EE server using the Load option.
I have selected PKCS#12 Key Pair and Enter path to PKCS#12 Key file and password. Choose Import.)
not quite sure, but VA also provides you to import PKCS#12 file
Regards,
Abhishek.
Hi,
Let me try to answer the queries which you have. Hope it will help you.
1. As you use the key for signing the message and not for SSL, so it doesn't matter where you put your key-certificate pair. You can create a new view and import the entries else you can also import it under DEFAULT view as already suggested in the current thread. So it depends on how you want to use it.
2. The Load option under Entries would enable you to load the key-cert pair similar to what Import option allows you to do in PI 7.1 in NWA. You need to provide the file location and also the password to import the PKCS12 or PKCS 8 files.
3. If you want to create a new Key-Cert Pair, Abhishek has already provided you the link to do so.
Hope this will help you in performing the needed tasks.
Best Regards,
Pratik
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.