Steps to identify and resolve the issue:
• Check the Keystore administrator in Visual Admin to determine the certificate's valid-from and valid-to dates; these dates should show that the certificate is still valid and not expired.
• The dates for SSO will be the same in the application (system administration > system config > key store admin), as shown above, in the OS (Visual Admin) and in ECC (tcode: STRUSTSSO2). The OS generates a self-signed certificate, which is stored in the application in the keystore area. This certificate is exported and then imported into ECC in tcode STRUSTSSO2.
• Check tcode STRUSTSSO2 in the system that is to be single-signed-on, determine the valid-from and valid-to dates under the certificate area, and make sure they are in the future as shown above.
• If the certificate dates are old, follow the instructions in the link below to create a new certificate:
http://wiki.sdn.sap.com/wiki/display/EP/SSO+Certificate+Expiry
Also make sure the connection tests for the system object are successful, and refresh the system object after the new certificate has been created.
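The date check in the steps above can also be run against the exported certificate file at OS level. The script below is an added example, not part of the original post and not SAP tooling; it assumes openssl is installed, and the file names and the throwaway sample certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not SAP tooling: check an exported SSO certificate for expiry.
# Assumes openssl is installed; all file names are hypothetical.

# Print the certificate as PEM, whether the export is Base64 (PEM) or DER.
cert_to_pem() {
  openssl x509 -in "$1" -inform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER
}

# Show subject and validity dates, to compare with what Visual Admin and
# STRUSTSSO2 display for the same certificate.
cert_dates() {
  cert_to_pem "$1" | openssl x509 -noout -subject -startdate -enddate
}

# Return 0 if the certificate is still valid $2 days from now, 1 otherwise.
cert_valid_for_days() {
  cert_to_pem "$1" |
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample input: a throwaway self-signed certificate valid $1 days.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
    -subj "/CN=sample-portal-sso" -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
  dir=$(mktemp -d) || return 1
  make_sample_cert 10 "$dir/sso.pem"
  openssl x509 -in "$dir/sso.pem" -outform DER -out "$dir/sso.crt"
  cert_dates "$dir/sso.crt"
  for days in 7 30; do
    if cert_valid_for_days "$dir/sso.crt" "$days"; then
      echo "OK: still valid in $days days"
    else
      echo "RENEW: expires within $days days"
    fi
  done
  rm -rf "$dir"
}

demo
```

Run from a scheduled job with a 30-day window, the non-zero return gives advance notice before SSO breaks on the expiry date.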
References:
http://help.sap.com/saphelp_nwes70/helpdata/EN/2c/f4e76d7f9e4ffbbc0bfbc0c16fe49d/content.htm
The first thing to do is to define a named anonymous user by creating a user ID in user admin and including this user ID in the anonymous user group, which belongs to the Everyone user group along with the authenticated users.
The first user ID that is added to the anonymous user group will be associated with /portal/anonymous, and from the second user onwards the URL to use will be /portal/anonymous?guest_user=<user ID> (user2, user3, user4 and so on).
These user IDs need separate roles and separate desktops as well.
To check on the roles for these 2 users, follow the steps below.
Do the following for the anonymous user specified in the URL:
Go to System Administration
-> Support
-> User Management
-> Test component for UME objects
-> Get UME User
Specify the name of the role the anonymous user has assigned, and determine how the role is assigned to the anonymous user.
For desktops, use the filter ID concept by inserting a filter ID in the desktop and the role.
Use the scenario below:
IF User = intranet
THEN Portal desktop = xxx
IF User = intranet2
THEN Portal desktop = yyy
Then, for each desktop, define a filter ID and use the mechanism for filtering entry points described in:
Filtering Entry Points
http://help.sap.com/saphelp_nw70/helpdata/EN/5e/e855a35455458aa4df21a4339722c7/frameset.htm
If you have trouble with this depending on your SPS level, I suggest creating an OSS message in the format below:
Attach the UME configuration to the message
Navigate to
-> System Administration
-> Support
-> User Management
-> Status of UME properties
-> Configuration Download
-> Download files
Run the web diagtool as outlined in note 1045019 example 1, and then
log on anonymously with a named anonymous user.
Then attach the web diagtool log to the message
Specify the URL used to access the portal anonymously
Provide screenshots of the issue being reproduced.
Deploying the SAP Java Cryptographic Toolkit
Prerequisites
• You have obtained the SAP Java Cryptographic Toolkit package that corresponds to your SAP J2EE Engine release.
• This package is available on the SAP Service Marketplace at service.sap.com/download under Download SAP Cryptographic Software.
• The SAP Java Cryptographic Toolkit package contains the corresponding Software Delivery Archives (SDAs) for both J2SE 1.3.x and J2SE 1.4.x. The SDAs contain the file iaik_jce.jar, which replaces the export version of the toolkit iaik_jce_export.jar.
If you use J2SE 1.4 or higher, then you also have to install and use the unlimited strength jurisdiction policy files from your J2SE vendor to be able to use the strong cryptography functions used by the Secure Storage and SSL Provider services. (Per default, only limited policy files are delivered with the J2SE 1.4 packages.)
The use of these policy files may be subject to import regulations. Make sure you are allowed to use these files before you download and install them.
The policy files you use need to be provided by the same vendor as your J2SE package.
The policy files to use with the Sun Java Development Kit are available from Sun Microsystems, Inc. at java.sun.com.
For other vendors, see their corresponding documentation.
• The SAP J2EE Engine and the Software Deployment Manager (SDM) are running.
Go to the link: service.sap.com/download
Procedure
1. Unpack the SAP Cryptographic Toolkit package into a local directory.
2. Using the SDM Remote GUI, connect to the SAP J2EE Engine and deploy the SAP Java Cryptographic Toolkit SDA that applies to your J2SE version (1.3.x or 1.4.x).
For more information about using the SDM see the Software Deployment Manager in the Development Manual.
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
You can now change the startup mode for the SSL Provider so that it automatically starts when the server is started. Use the Configuration Adapter in the Visual Administrator and set the startup mode to Always instead of Manual. For more information, see Changing the Startup Mode for the SSL Provider.
3. Restart the J2EE dispatcher and server. Also restart any tools such as the Visual Administrator or the Config Tool that are running.
You can verify that the correct library has been loaded under Dispatcher Libraries core_lib in the Visual Administrator. The iaik_jce.jar should be included in the list of loaded jars and not iaik_jce_export.jar.
Result
The SAP Java Cryptographic Toolkit replaces the export version of the toolkit on the J2EE dispatcher and server.
You should periodically check for an updated version of this library on the SAP Service Marketplace, for example, when you install support packages.
Go to the Visual Administrator and generate the corresponding SSL keystore certificates.
4. If the corresponding certificate has not yet been signed by a CA, then:
a. Generate a certificate signing request. Select your entry, choose Generate CSR Request and save it to a file.
b. Send the certificate signing request to a CA to be signed.
The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAP Trust Center Service at service.sap.com/tcs.
c. Save the certificate request response to a file in the file system. Use the extension .crt (DER-encoded or Base-64 encoded) or .cert (Base-64 encoded).
d. Import the corresponding certificate request response. Choose Import CSR Response and load the response from the file system.
For more information about managing keys and certificates in the Key Storage service, go to the following link: service.sap.com/tcs
Because the save dialog defaults to "Save as type: Text Document" and you need to save the file with the .cert extension, enclose the file name in double quotes.
The SSLCERT is shown above.
Check the link to determine whether SSL is working:
Use https instead of http in the URL.
SSL is now set up for the J2EE server.
Internet Explorer 8 suffers from compatibility problems with Web standards such as CSS, HTML4 and XHTML, according to the results of The Web Standards Project's Acid Test 3.
The Acid 3 test for compatibility ensures that the browser works well with technologies such as CSS, HTML4 and XHTML. However, the test reveals that IE8 falls far short of scores delivered by other new browser software from Google and Mozilla.
Microsoft Corp is boasting about the performance speed of the IE8, but the new browser remains the slowest of the top five on the market.
According to the test findings (which appeared in Computerworld) Google Inc's Chrome led all browsers in the SunSpider tests, making it more than four times faster than IE8. Second was Mozilla Corp's Firefox 3.0.7, followed by Apple Inc's Safari 3.2.2 for Windows and Opera Software's Opera 9.63.
Firefox proved to be 59 per cent faster than IE8, while Safari was 47 per cent faster. Opera, the slowest non-Microsoft production browser, was still 38 per cent faster than IE8.
Walt Mossberg, the personal-technology columnist for The Wall Street Journal, criticised IE 8's performance in an All Things Digital post, "Microsoft claims IE 8 is very fast, but in my tests, speed and performance were its worst attributes. Using two computers, one running Windows XP and one running Windows Vista, I timed the loading of a half-dozen popular Web sites, plus two folders containing numerous news and sports sites. I repeated the test in IE 8, and in Firefox, Safari 4, and Chrome. In every case, IE 8 loaded the pages and folders more slowly than most of the other browsers, and in most cases, it came in dead last."
IE8 beefs up protection against malware and known phishing scam sites. However, the new browser suffered its first hack just days after its official launch (along with Safari and Firefox browsers).
At a security conference last week in Canada, a hacker exploited a security hole in Microsoft's new Internet Explorer 8 in under two hours, taking control of a Sony laptop running an internal build of Windows 7.
I am going to give a typical SAP professional answer: IT DEPENDS!
Well, all jokes apart, looking at your situation, since you already have an add-in installation, or what some people call a dual-stack system, to run ESS in your company, here is my advice:
You will face some disadvantages, especially when restarting the dual-stack system, as you have to wait for Java to start completely and only then wait for the ABAP stack to restart as well. I mean it becomes very difficult to restart ABAP quickly. A dual-stack system is ideal for Solution Manager, and in my recommendation and experience DO NOT use this in the portal environment.
Consider a scenario where in future your CIO decides to have the user management done by the desktop folks, who only use Active Directory, and does not wish to give them SAP access. Since a dual-stack system uses SU01 to lock/unlock users on the portal, it becomes quite a nightmare to move to Active Directory as your UME. With the central system with AS JAVA only, you have the benefit of choosing ABAP or JAVA initially while installing the system, making the right choice of picking JAVA, and then moving the UME to Active Directory.
It also makes things simple when you have SSO with SPNego: when a user logs on to the portal he is single-signed-on, and if his password changes on the network he only needs to call the helpdesk and change his password, which makes life easy, versus having a dual-stack system where your user management is tied to the ABAP system and you will be left wondering how to resolve the user lock and unlock issues!
Since you already have this scenario and you plan to do a BI Portal integration, use a central system with usage types AS JAVA, EP, EPC. I understand that this is more expensive since you will now have 2 portal systems, but this again DEPENDS: if you have an FPN, the producer and consumer portal synchronization is best suited to a central system and NOT the dual-stack system.
Again, there is a downside to this as well: you have to ensure that the service pack for BI JAVA and EP are the same, and if there is some patching to be done there will be severe downtime in both environments, and that is something most companies frown upon. But this is something to keep in mind. The key in integrating BI and Portal is the memory, and you have to make sure sizing is done correctly, along with the memory usage of the BI reports, as well as sufficient load balancing in terms of defining how many server processes are necessary to run it efficiently. There are certain notes that I can guide you to: 723909 - Java VM settings for J2EE 6.40/7.0 and Note 1044330 - Java parameterization for BI systems.
So in the end it depends on the number of users using ESS and the number of users using BI reports, but I would still go for a brand new server (central system with Java only and AD as your UME) and avoid the dual-stack system.
Ways to control this situation and RISK factors
The &SAP_EDIT command is controlled via auth object S_DEVELOP. Look for DEBUG: Debugging (activity 01=system debugging, 02=replace in ABAP/4 programs, 03=debugging for ABAP/4 programs) and remove the values 01, 02 and 03 from this auth object. Read all about security restrictions here
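To find which roles still carry these values, the role authorization data can be reviewed offline. The script below is an added example, not from the original post: it assumes a semicolon-separated export with the columns AGR_NAME;OBJECT;AUTH;FIELD;LOW;HIGH (the layout of table AGR_1251), and the role and authorization names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list roles whose S_DEVELOP authorization permits debugging.
# Assumed input: semicolon-separated export with the columns
# AGR_NAME;OBJECT;AUTH;FIELD;LOW;HIGH (the layout of table AGR_1251).

# Constructed sample rows; role and authorization names are made up.
sample_export() {
  cat <<'EOF'
AGR_NAME;OBJECT;AUTH;FIELD;LOW;HIGH
Z_DEV_FULL;S_DEVELOP;T-D100;OBJTYPE;DEBUG;
Z_DEV_FULL;S_DEVELOP;T-D100;ACTVT;01;03
Z_SUPPORT;S_DEVELOP;T-S200;OBJTYPE;PROG;
Z_SUPPORT;S_DEVELOP;T-S200;ACTVT;03;
Z_SUPPORT;S_DEVELOP;T-S201;OBJTYPE;DEBUG;
Z_SUPPORT;S_DEVELOP;T-S201;ACTVT;02;
Z_ADMIN;S_DEVELOP;T-A300;OBJTYPE;*;
Z_ADMIN;S_DEVELOP;T-A300;ACTVT;*;
Z_DISPLAY;S_DEVELOP;T-V400;OBJTYPE;DEBUG;
Z_DISPLAY;S_DEVELOP;T-V400;ACTVT;05;
Z_ENDUSER;S_TCODE;T-E500;TCD;SE16N;
EOF
}

# Print "ROLE AUTH ACTVT-list" for each authorization that combines
# OBJTYPE DEBUG (or *) with any of the activities 01, 02, 03 (or *).
find_debug_roles() {
  awk -F';' '
    NR == 1 || $2 != "S_DEVELOP" { next }
    { key = $1 " " $3; lo = $5 ""; hi = $6 ""; if (hi == "") hi = lo }
    $4 == "OBJTYPE" && (lo == "DEBUG" || lo == "*") { debug[key] = 1 }
    $4 == "ACTVT" {
      for (a = 1; a <= 3; a++) {
        v = sprintf("%02d", a)
        if (lo == "*" || (v >= lo && v <= hi)) {
          sep = (key in acts) ? "," : ""
          acts[key] = acts[key] sep v
        }
      }
    }
    END { for (k in debug) if (k in acts) print k, acts[k] }
  ' | sort
}

sample_export | find_debug_roles
```

The values are correlated per authorization (AUTH column), so a role that has ACTVT 03 only for OBJTYPE PROG is not reported.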
RISK FACTORS:
Let's assume you have access to the command and can access SE16N. What could go wrong?
Updating SAP tables directly has always proven expensive to any company, especially with the amount of downtime, as the tables are interrelated and unknown error messages will cause more confusion in resolving the problem. Data has to be updated either by a function module or by the transaction code. Deleting the rows and columns can cause more problems with the several programs that use the tables. ABAP programmers will love this command as they can always manipulate the tables to prove their results, but with a transport imported in QA and Prod several issues can bring system downtime. Data backup will not help in recovering the situation since the standard tables have been manipulated and you probably have to re-write the entire application from scratch.
Reference:
http://weblogs.sdn.sap.com/pub/wlg/16205
http://www.kowboyz.nl/blog/edit-sap-tables/