Skip to Content
Author's profile photo Ishteyaque Ahmad

Bye bye STRUSTSSO2: New Central Certificate Administration NW7.3

It is time to enjoy for those who have NetWeaver 7.3 Java in their landscape or somewhere else provide from that Java system you can jump to any of your systems in landscape and firewall will not stop you from login.

If answer is yes then you can avoid use of STRUSTSSO2 and Java nwa license link to import-export certificates.

From just one NW7.3 Java system  you can exchange certificate between between any two

Java <–> Java

ABAP <–> Java


without downloading and uploading of certificate files and with just few mouse clicks, what else you need in life? 🙂


SSO2 Wizard was introduced for AS Java 640: SP21 & for AS Java 700: SP14 that can be accessed through URL http://<hostname>:5nn00/sso2

If you are having older SP levels than the mentioned above then you can deploy it from SAP Note 1083421 – SSO2 Wizard

After login, screen it will look like below


check the information marked in green

It will show the SID, client of Java, which is needed in order to work with SSO certificates.

You can notice that there are 3 certificates applied, you can see their SID and client as well, in the example the system with client number 007 is Java and rest two systems are ABAP.

If you want to add more systems you have two methods:

  • By Querying Trusted System
  • By Uploading Certificate Manually (old method needed file download and upload)

We will checkout easy method : By Querying Trusted System

It will prompt you for searching system from SLD, you can select it from SLD list else you can cancel it and come to below screen.


select the system type, for example I am selecting JAVA


Fill the hostname or IP, Port number like 5NN00 where NN is instance number. Click Next


Wizard will automatically pull the certificate along with the information like Client number when you will click on Finish, the certificate from this new system will be applied to SID shown on the top, like the arrow mark.

Lets see in case of ABAP


You can use any user ID with proper authorization.


The process is just the same in case of ABAP system.

Here we have seen that with help of Wizard, how life became easy, but wait this is not all……………..

We have seen that with help of this wizard we can apply certificate to java system easily, but when we want to apply certificates into some another Java system or ABAP system then?

Here our new friend NetWeaver 7.3 SSO2 Wizard will help, lets see whats extra in there.


Notice the new button “Connect to Remote System” this button was not there in older versions, you can checkout the screenshot given in starting of this blog.

When we click on the button, it will give two options from drop down.


Lets say I want to jump to any Java system in which I want to apply SSO certificates, no matter what version of Java that would be, fill in required values


Click OK and you will be able to jump to this new system, notice the changed SID in below screenshot (red arrow)


Now here you can follow the same method described above and import certificates from any ABAP or Java system as per your requirement.

Lets see, if we can jump to any ABAP system


Click OK


The green arrow shows in which system we are and with help of red eclipse we can import ABAP or Java system certificates as many we want.

In Nutshell, the new button “Connect to Remote System” giving you flexibility enough so that you can be Lazy 🙂

Though its not centralize administration but somehow you can work with all your systems in your landscape, so for generating sensation I am calling it centralized administration of SSO.

Hope this will be of help to some of us.


My other Blogs, if you have time…

How to Rename the Oracle Listener & Change Listener port for SAP

Multiple/Bulk transports with tp script for Unix (AIX, Solaris, HP-UX, Linux)


Interrelation: SAP work process, OPS$ mechanism, oracle client & oracle shadow process

Install and configure NetWeaver PI 7.3 Decentralize Adapter part-1

Install and configure NetWeaver PI 7.3 Decentralize Adapter part-2

Bye bye STRUSTSSO2: New Central Certificate Administration NW7.3

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Thank you for sharing this. This is such a cool feature. I know I am going to use it a lot.

      - Shuvendu

      Author's profile photo Varun Biswas
      Varun Biswas

      We faced certain short comings. It not a total bye bye to STRUSTSSO2.

      In cases of Front-end Back-end integration the Certificates can be swapped, but generating of PSEs on first time installed/copied still has to done on STRUSTSS02. Also adding certificates to ACL still remains a manual effort.

      Author's profile photo Marc Saulnier
      Marc Saulnier

      Useful blog thank

      Author's profile photo Former Member
      Former Member

      very useful, thx

      Author's profile photo Pradeep Gopinathan
      Pradeep Gopinathan

      Good one , Thanks .

      Author's profile photo Ridwansyah Ridwansyah
      Ridwansyah Ridwansyah

      Thanks, it is very useful!

      Author's profile photo Former Member
      Former Member

      Thanks for sharing 🙂

      Author's profile photo Girwar Meena
      Girwar Meena

      Good and tricky. Thank you for sharing.
      I think it is not completely bye bye but still there are many steps we have to rely on Strustsso2.
      SSO between two ABAP systems, still need manual steps to be done first in STRUSTSSO2. Also if you approach to make this single system as Centralize admin for SSO, you making is single point of failure.

      Author's profile photo Ishteyaque Ahmad
      Ishteyaque Ahmad
      Blog Post Author

      Hi Girwar,

      Thanks for your responce.

      We can use this mechanism to apply SSO between two ABAP system, for various options you can refer to the diagram I have included.

      What I meant by making a centralize system; its not going to take away the ability of normal working process, so it cannot be a SPOF. Additionally if you have more than one java system any one of it can be used to perform these activity.