Certificate Exchange
This guide covers the certificate exchange between BTP Integration Suite and SAP NetWeaver AS JAVA required for the IdM accelerator integration.
Prerequisites
- The installation steps of the IdM accelerator must be completed.
- The repository is configured on the ROI iAM side (source, target, and system details).
- The initial load of the system has been executed in ROI iAM.
- All HR users must exist in ROI iAM and have their
ROIAM_IDENTIFIER_<hubName>populated in IdM.
1. Identify the JVM libPath
Open a terminal or PowerShell session on the NetWeaver server and locate the NetWeaver installation directory.
Run the following command:
text<netweaverDirectory>/work/jstart.jvmWhere:
<netweaverDirectory>– SAP NetWeaver AS directory. Example:/usr/sap/<instanceName>/<instance><instanceName>– Example:ASD<instance>– Example:J00
Locate the
libPathvalue in the output. For example:text/usr/sap/<instanceName>/<instance>/exe/sapjvm_8/jre/lib/amd64/server /usr/sap/<instanceName>/<instance>/exe/sapjvm_8/jre/lib/amd64
2. Verify the Java Keystore Location
Confirm that the Java keystore file exists before proceeding with the certificate import.
Navigate to the Java security directory, typically:
text/usr/sap/<instanceName>/<instance>/exe/sapjvm_8/jre/lib/securityVerify that the
cacertsfile exists in that directory.
3. Prepare the Integration Suite Certificate
Follow the steps in the Preparation guide: Subaccount B to download the certificate.
4. Import the Certificate into the Keystore
Import the downloaded certificate into the NetWeaver Java keystore.
Run the following command to import the certificate:
textkeytool -keystore <netweaverDirectory>/exe/sapjvm_8/jre/lib/security/cacerts -storepass <keystorePass> -alias CI-G5_Root -import -file <integrationSuiteDirectory>Where:
<keystorePass>– Password for the keystore. The default value ischangeit.<integrationSuiteDirectory>– Path to the.cerfile downloaded in the previous step.
When prompted, confirm the import.