Configuring SSL Connection to SAP Systems in SAP NetWeaver Gateway Productivity Accelerator
Following the release of the SAP NetWeaver Gateway Productivity Accelerator and the blog post by Martin Bachmann, more and more people keep asking me how to configure their Gateway system within the GWPA tool, in HTTPS protocol. So I figured it might be worthwhile to post a short explanation that hopefully clarify what needs to be done in order to add a SAP NW Gateway secured connection.
Follow these 3 steps:
• Export the server certificate (that is the root certificate of the Gateway server)
• Import the server certificate to the list of trusted CAs (Certificate Authorities) in your JRE
• Add the connection in SAP NetWeaver Gateway Productivity Accelerator in Eclipse
Easiest way I’ve found to export the certificate is to go to your browser and just export it from there: enter some URL of a service on the SAP NW Gateway system you would like to configure. Click on the lock icon on the address bar and then on View certificates (if using Chrome, after clicking the lock icon go to the Connections tab and then Certificate information). Select the Certification Path tab and click on the root certificate before clicking on View Certificate. Then, go to the Details tab and click on Copy to File…
Follow the wizard (select the Base-64 encoded X.509 (.CER) format, and choose the file system location to export to).
Step 2: Importing the certificate to the CA list
This is a rather simple step, but a bit tricky as you need to make sure you import the certificate into the correct JRE installation in case you have multiple JREs on your machine. To check which JRE installation is used by your Eclipse instance, go to Eclipse Preferences (Java > Installed JREs). I used the Portecle tool which is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more. You can get it from: http://portecle.sourceforge.net/
Open the Portecle tool and Open the Keystore File of your JRE (cacerts) should be located in <JRE installation path> ..\jre\lib\security.
Enter the password to the keystore: changeit
Then go to Tools > Import Trusted Certificate, and select the exported certificate from where you have saved it. Save and close the tool.
Step 3: Add the connection in SAP NetWeaver Gateway Productivity Accelerator in Eclipse
After installing the Productivity Accelerator, in Eclipse Preferences, add the system connection using HTTPS and SSL port.