Skip to Content

The SAP Passport is a convenient way to handle client based certificate authentication to your SAP NetWeaver Portal. It means that if your users have loaded an SAP Passport into their browser and you have enabled client certificates that use this certificate, then the user can log on to the SAP NetWeaver Portal without needing to enter a username and password.

The mechanism assumes that your AS Java trusts SAP Passport certificates. You can see this be navigating through the Visual Administrator to the Key Storage service and selecting the TrustedCAs view:

image

 

You will notice that the validNotAfter date is 18 July 2010. This means that after that date the certificate will not be trusted. So, you need to navigate to the SAP Service Marketplace and download the latest Root Certificate and load it.

The CA download can be accessed using http://service.sap.com/tcs and then navigate to Download Area -> Root Certificates and then select the SAP Passport CA Certificate:

image When you select the link for the certificate, you will be prompted to Open or Save it. Select “Save” and give the file a name such as c:\temp\SAPPassportCA.crt. Make sure you select the “Save as type” as “All files”, as you don’t want to end up with a .cer file.

Now back in the Visual Administrator, you can use the “Load” option to upload the saved file. This will then change the validNotAfter date to July 2015.

 

image

Finally, put a note in your calendar to repeat this activity again in early 2015.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Rahul Urs
    here is a trick which can bounce this blog off…

    change the server time to a later date lets assume i change it to 2095 and then install the CA, if the certificate gives an expiry date this will always be in the future date…I need not worry since this will be valid atleast until 2095 ..I dont need to extend the expiry date as I’ll be dead for sure  !!

    (0) 

Leave a Reply