SAP Netweaver Portal: Configuring the Use of SSL on the SAP J2EE Engine

Configuring the Use of SSL on the SAP J2EE Engine

Posted by Unknown at 6:42 PM

Deploying the SAP Java Cryptographic Toolkit
Prerequisites
You have obtained the SAP Java Cryptographic Toolkit package that corresponds to your SAP J2EE Engine release.
2. This package is available on the SAP Service Marketplace at service.sap.com/download under Download  SAP Cryptographic Software.
3. The SAP Java Cryptographic Toolkit package contains the corresponding Software Delivery Archives (SDAs) for both J2SE 1.3.x and J2SE 1.4.x. The SDAs contain the file iaik_jce.jar, which replaces the export version of the toolkit iaik_jce_export.jar.
 If you use J2SE 1.4 or higher, then you also have to install and use the unlimited strength jurisdiction policy files from your J2SE vendor to be able to use the strong cryptography functions used by the Secure Storage and SSL Provider services. (Per default, only limited policy files are delivered with the J2SE 1.4 packages.)
The use of these policy files can underlie import regulations. Make sure you are allowed to use these files before you download and install them.
The policy files you use need to be provided by the same vendor as your J2SE package.
The policy files to use with the Sun Java Development Kit are available from Sun Microsystems, Inc. at java.sun.com.
For other vendors, see their corresponding documentation.
• The SAP J2EE Engine and the Software Deployment Manager (SDM) are running.

Goto the link : service.sap.com/download

Procedure
1. Unpack the SAP Cryptographic Toolkit package into a local directory.
2. Using the SDM Remote GUI, connect to the SAP J2EE Engine and deploy the SAP Java Cryptographic Toolkit SDA that applies to your J2SE version (1.3.x or 1.4.x).
For more information about using the SDM see the Software Deployment Manager in the Development Manual.
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

You can now change the startup mode for the SSL Provider so that it automatically starts when the server is started. Use the Configuration Adapter in the Visual Administrator and set the startup mode to Always instead of Manual. For more information, see Changing the Startup Mode for the SSL Provider.
3. Restart the J2EE dispatcher and server. Also restart any tools such as the Visual Administrator or the Config Tool that are running.
You can verify that the correct library has been loaded under Dispatcher  Libraries  core_lib in the Visual Administrator. The iaik_jce.jar should be included in the list of loaded jars and not iaik_jce_export.jar.

Result
The SAP Java Cryptographic Toolkit replaces the export version of the toolkit on the J2EE dispatcher and server.
You should periodically check for an updated version of this library on the SAP Service Marketplace, for example, when you install support packages.

Go to the Visual Administrator and generate the corresponding SSL keystore certificates.
Generate a certificate signing request. Select your entry, choose Generate CSR Request and save it to a file.

4. If the corresponding certificate has not yet been signed by a CA, then:
a. Generate a certificate signing request. Select your entry, choose Generate CSR Request and save it to a file.
b. Send the certificate signing request to a CA to be signed.
The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAP Trust Center Service at service.sap.com/tcs.
c. Save the certificate request response to a file in the file system. Use the extension .crt (DER-encoded or Base-64 encoded) or .cert (Base-64 encoded).
d. Import the corresponding certificate request response. Choose Import CSR Response and load the response from the file system.
For more information about managing keys and certificates in the Key Storage service,

Go to the following link
service.sap.com/tcs.
Send the certificate signing request to a CA to be signed.
The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAP Trust Center Service at service.sap.com/tcs

Since the file is “save as type – text document and u need to save it as . cert use the double quotes.

The SSLCERT is shown above.

Check the link to determine if the SSL is working or not:
Use the URL https instead of the http

Hence the SSL is set up for the J2ee server.