Creating a Keystore and Importing an X.509 Certificate and Private Key

Create a keystore on the Unwired Server host into which you can import the certificate and private key (PKCS12) issued by the SAP system administrator, which is required for SSO using X.509 certificates.

Create a keystore and add the SAP issued DOETECH certificate and private key to the Unwired Server host. You can do this in a variety of ways. One way is to implement the Not Yet Commons library to create a KeyStoreBuilder, described at the http://juliusdavies.ca/commons-ssl/index.html Web site. For example:

  1. Shut down Unwired Server.
  2. Add @java -cp %~dp0not-yet-commons-ssl-0.3.11.jar org.apache.commons.ssl.KeyStoreBuilder to the KeyStoreBuilder.bat file.
  3. Produce a DOECTECH.jks Java keystore: KeyStoreBuilder password DOECTECH.p12
  4. Change the certificate and keystore passwords, and import the certificates from the source keystore to the target, using these keytool commands:
    keytool -storepasswd -new changeit -keystore DOECTECH.jks -storepass password

    keytool -keypasswd -alias doectech -keypass password -storepass changeit -new changeit -keystore DOECTECH.jks

    keytool -importkeystore -destkeystore l:\Sybase\UnwiredPlatform\Servers\UnwiredServer\Repository\Security\keystore.jks -srckeystore DOECTECH.jks

  5. When prompted, enter these responses:
    Enter destination keystore password: changeit

    Enter source keystore password: changeit

If successful, you see this output:
Entry for alias doectech successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Parent topic: Setting up SAP SSO Using X.509 Certificates
Previous topic: Generating and Installing an X.509 Test Certificate on Unwired Server
Next topic: Installing and Configuring Certificates on Unwired Server