In order to support signing and encryption in integration scenarios with SAP Process Orchestration (PO) and/or SAP Process Integration (PI) it is often necessary to load and access public/private keys and certificates from the Key Storage. This blog describes the steps required in order to use that functionality from the Key Storage of SAP NetWeaver. The keys and certificates will be used by a custom adapter module running on SAP PO 7.3 EHP1, but the same procedure can be applied when using standard PI adapters.

Assumptions:

• Integration scenario is Java-only (Advanced Adapter Engine)
• Keys / Certificates are supplied with the correct size and supported format.
• Loaded Key pairs (keystore) are of the type .JKS
• PI and administrator access right to the SAP NetWeaver Administrator tools.

Step 1.  Go to the NetWeaver Administrator page: http://<host>:<port>/nwa

Step 2. Log in to NWA.

Step 3. From NWA, enter "keys" as search query and press Enter.

Step 4. You should now see a window like the one below. Click on Key Storage.

Step 5. On the Key Storage View select "TrustedCA" from the top rows. We are only interested in this type of entry.

Step 6. Click on "Import Entry" and select "PKCS # 12 Key Pair" as entry type. << Please select the corresponding entry type depending on your own requirements.

Step 7. Browse to the key/certificate stored on your local file system or network, and specify the corresponding password. Click "Import" and verify if key was succesfully imported by pressing the tab "View Entries" the new key to search. A new entry with your key name must appear on the list.

Step 8. From now on your applications (including adapter modules and custom adapters) running on top of the SAP NetWeaver Java Application Server can use (certificates, public and private keys) keys stored on the "TrustedCA's" keystore.