- Logon to the Netweaver Administrator: http://<hostname>:<port>/NWA
- Navigate to : Configuration Management > System > Certificate and Keys.
- From the list of Keystore Views, select the ICM_SSL_<instance_ID>.
- The contents of the selected keystore view appear.
- By default, these keystore views contain a key pair that is created during installation for using SSL on the AS Java. This key pair is signed by a testing CA, therefore we recommend that you limit the use of the default certificate to testing purposes.
- Choose each entry “ssl-credentials” and “ssl-credentials-cert” and choose <Delete>
- Confirm Deletion :
- Choose <Create>
- The following “Add New Key Storage Entry “wizard that appears :
- For Example :
- Choose <Next>
- Add the following details :
- For example :
- Choose <Next>
- Choose <Next>
- Choose <Finish>
- This will take you back to the original Page :
- Choose the “ssl-credential” entry and select <Generate CSR Request> : Select Format “Base64 encoded “ , and Link “Download”
- Save the fiole to your desktop as “ssl-credentials.txt”.
Generate CSR Request
- Open the File with Notepad :
- The Certificate needs to be signed by a Certified CA . Signing the Certificate is not documented here as it depends on which CA you use. Test SAP SSL Certificates can be obtained from http://service.sap.com/tcs
- The following is a sample of the Signed Test SSL Certificate from SAP :
- Save the signed certificate as “ssl-credentials.crt” i.e. X509 format
- Select the “ssl-credentials” entry and choose <Impory CSR Response>
- Browse to the saved “ssl-credentials.crt” file
- Select it and press <Add>
- The entry will be added to the CSR Response List .
- Choose <Import>
- The entry will be added and be displayed :
- Note : The above example screen shot uses a “test” certificate, with an expiry of 3 months. This is why the entry shows with a “yellow” warning triangle.
- Restart the J2EE Engine.