Importing the Public Certificate

Use the keytool command to import the public certificate into your testing or SAP Mobile WorkSpace environment, so that you can establish HTTPS connections with SAP Mobile Server.

Prerequisites

You must first configure SAP Mobile Server to accept HTTPS connections. You can then import the public certificate generated during that process and use it to secure HTTPS communications with SAP Mobile Server.

Task

Use the Java keytool command to import the public certificate into the JRE on the host from which you want to connect to SAP Mobile Server using HTTPS. The host is your SAP Mobile WorkSpace installation, or the host on which you develop .NET client applications; for example, <SAP Mobile Platform_InstallDir>\JDK<version>\jre). This task prepares your system to run J2SE SAP Mobile Platform device applications.

  1. From the JRE\bin directory enter the command: %JAVA_HOME%\bin\keytool -import -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file (path to the certificate)
    The -file argument is the path to the public certificate.
    If the import is successful, replace the default keystore password, which can be whatever you want. For example:
    Enter keystore password:mykey 
Re-enter new password:mykey
  2. After entering the password you see output, similar to this, that identifies the certificate:

    Owner: CN=UEP, OU=ITS, O=SAP, L=Concord, ST=NH, C=US 
Issuer: CN=UEP, OU=ITS, O=SAP, L=Concord, ST=NH, C=US 
Serial number: 31
Valid from: Sun May 11 16:04:03 EDT 2008 until: Wed May 12 16:04:03 EDT 2010 
Certificate fingerprints:         
MD5:  50:E1:8E:53:FE:3C:C9:E6:34:70:71:01:8E:09:C8:CE
SHA1: 20:B5:26:B0:9B:8B:F7:9E:16:BA:2E:13:3D:03:73:32:AA:6A:52:53         
Signature algorithm name: MD5withRSA         
Version: 3
Extensions: 
#1: ObjectId: 2.5.29.15 Criticality=true 
KeyUsage [
Key_Encipherment  
Key_Agreement  
Key_CertSign
Crl_Sign 
] 
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[  
CA:true  
PathLen:10 
]

    The owner and Issuer information should match the information you entered when you generate the certificate and key.

  3. Answer Y when asked whether to trust this certificate or not: 
    Trust this certificate? [no]:  y 
Certificate was added to keystore

    If you accept the default [no], the certificate is not added to the keystore.

The certificate should now be available from the keystore. If you enter an incorrect or invalid keystore path, or if the certificate import fails for other reasons, you receive a connection error when a J2SE client running on Windows attempts to connect (assuming this client points to the same %JAVA_HOME% as your import command). For example:
java.lang.RuntimeException: 
Synchronization of MetaData failed:
ianywhere.ultralitej.implementation.JrException: 
UltraLiteJ Error[-44]: Sync upload failure: 'sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target'
Parent topic: Configure - Eclipse Development Environment
Related concepts
Preferences
Importing and Exporting Connection Profiles and Projects
Related tasks
Creating a Data Source Connection Profile
Creating an SAP Mobile Server Connection Profile
Related reference
Certificate Generation Command Line Utility Reference