This blog is part of a series of best-practice blogs on cloud integration content in SAP Process Orchestration. For an overview of all blogs published in this series so far, refer to the overview blog.
This blog shows how to set up the System Java Keystore on SAP Process Orchestration. We assume that you have already set up the integration content, and hence the required security settings, on SAP Cloud Platform Integration. The same security settings have to be maintained on SAP Process Orchestration, such as uploading the System Java Keystore, the known hosts file for trusted SFTP servers, user credentials, OAuth authentication, etc. Note that the required security settings depend on your particular scenario. The approach is therefore to download the security artifacts from the SAP Cloud Platform Integration tenant and upload them to SAP Process Orchestration. If you start from scratch instead, you simply need to create a new system.jks file and add your certificates to it. The upload to SAP Process Orchestration is the same.
Access your SAP Cloud Platform Integration tenant, and switch to the Operations view by selecting Monitor from the navigation pane.
In the Operations view, scroll down to the Manage Security section, and click on the Keystore tile.
In the Manage Keystore view, click on the Download button. This will trigger the download of the system.jks file, including all entries within your keystore.
SAP Cloud Platform Integration supports the System Java Keystore file in the JCEKS format, whereas the Java keystore of SAP Process Orchestration supports the JKS format, so you need to change the type. Open the previously downloaded system.jks file, for instance with KeyStore Explorer. You can download KeyStore Explorer from the web.
Enter the password that secures the system.jks file.
Change the type from JCEKS to JKS by selecting Tools –> Change Type –> JKS from the main menu. Re-enter your password, confirm the pop-up that appears, and save.
Launch the SAP NetWeaver Administrator on your SAP Process Orchestration system, and navigate to the key store via Configuration –> Security –> Certificates and Keys.
In the Key Storage, select the igw_default_keystore key storage view, and choose the Import Entries From File button.
Select the file type Java Key Store, navigate to your system.jks, enter the password of your system.jks, and choose the Import button. This will add all certificates and private keys within your system.jks to the key store below the selected key storage view.
Note: for setting up SSL, the root certificates of the receiver-side servers have to be included in TrustedCAs as well.
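As a check on the type change described above, the following added example (not part of the original blog or of any SAP tooling) reads the 12-byte header of a keystore file and confirms that it is JKS rather than JCEKS before you import it. The function names and the sample headers are constructed for illustration; the magic numbers are those of the standard Java JKS and JCEKS file formats.

```python
import struct

# Magic numbers that open the two Java keystore formats named in this post.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}


def inspect_keystore_header(data: bytes) -> dict:
    """Return type, format version and entry count from the first 12 bytes."""
    if len(data) < 12:
        raise ValueError("file too short to be a JKS or JCEKS keystore")
    # Both formats start with three big-endian 32-bit integers.
    magic, version, count = struct.unpack(">III", data[:12])
    if magic not in MAGIC:
        # A PKCS#12 file, for example, starts with an ASN.1 SEQUENCE tag (0x30).
        raise ValueError(f"unrecognised keystore magic 0x{magic:08X}")
    return {"type": MAGIC[magic], "version": version, "entries": count}


def check_ready_for_import(data: bytes, expected_entries=None) -> dict:
    """Raise unless the file is JKS; optionally compare the entry count."""
    info = inspect_keystore_header(data)
    if info["type"] != "JKS":
        raise ValueError(f"keystore is {info['type']}, change the type to JKS first")
    if expected_entries is not None and info["entries"] != expected_entries:
        raise ValueError(f"expected {expected_entries} entries, found {info['entries']}")
    return info


def _constructed_header(magic: int, entries: int) -> bytes:
    # Constructed sample: header only, no real keys or certificates.
    return struct.pack(">III", magic, 2, entries)


SAMPLE_JCEKS = _constructed_header(0xCECECECE, 3)  # as downloaded from the tenant
SAMPLE_JKS = _constructed_header(0xFEEDFEED, 3)    # after the type change

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python check_keystore.py system.jks
        with open(sys.argv[1], "rb") as fh:
            print(check_ready_for_import(fh.read(12)))
    else:
        print(inspect_keystore_header(SAMPLE_JCEKS))
        print(check_ready_for_import(SAMPLE_JKS, expected_entries=3))
```

Passing the entry count seen before the conversion as expected_entries also confirms that no entry was lost when the type was changed.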