Skip to Content
Author's profile photo Former Member

Using SAP Passports in your portal? You may want to read this…

The SAP Passport is a convenient way to handle client based certificate authentication to your SAP NetWeaver Portal. It means that if your users have loaded an SAP Passport into their browser and you have enabled client certificates that use this certificate, then the user can log on to the SAP NetWeaver Portal without needing to enter a username and password.

The mechanism assumes that your AS Java trusts SAP Passport certificates. You can see this be navigating through the Visual Administrator to the Key Storage service and selecting the TrustedCAs view:



You will notice that the validNotAfter date is 18 July 2010. This means that after that date the certificate will not be trusted. So, you need to navigate to the SAP Service Marketplace and download the latest Root Certificate and load it.

The CA download can be accessed using and then navigate to Download Area -> Root Certificates and then select the SAP Passport CA Certificate:

image When you select the link for the certificate, you will be prompted to Open or Save it. Select “Save” and give the file a name such as c:\temp\SAPPassportCA.crt. Make sure you select the “Save as type” as “All files”, as you don’t want to end up with a .cer file.

Now back in the Visual Administrator, you can use the “Load” option to upload the saved file. This will then change the validNotAfter date to July 2015.



Finally, put a note in your calendar to repeat this activity again in early 2015.

Assigned tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Rahul Urs
      Rahul Urs
      here is a trick which can bounce this blog off...

      change the server time to a later date lets assume i change it to 2095 and then install the CA, if the certificate gives an expiry date this will always be in the future date...I need not worry since this will be valid atleast until 2095 ..I dont need to extend the expiry date as I'll be dead for sure  !!

      Author's profile photo Former Member
      Former Member
      Blog Post Author
      The expiration date is set by the CA issuer, not by the person installing it...