19.2    Handling Certificates

Within the AEX, several protocols can make use of certificates, such as HTTPS and SFTP. Certificates are used for encryption, identification, and validation purposes. The next sections will touch on two certificate concepts.

19.2.1    Certificate Key Storage

Within the Java stack, the certificates and keys are stored in key storage. SAP NetWeaver Administrator is used to manage key storage within the Java stack.

Java key storage contains a list of standard views to cater to different operations on certificates. Custom views can also be created if required. For example, custom views can be created for a certain interface or customer, to separate certificates for different scenarios.

Key storage can be accessed by going to http://<hostname>:<port>/nwa and choosing Configuration > Certificates and Keys.

19.2.2    Encryption of Message Content on Database Level

In addition to the option to use encryption while transferring messages, you can also store encrypted payloads and attachments in the database. With this approach, users that have direct access to the database level can’t read the message content and payloads.

Encryption on the database level can be set up for interfaces that contain confidential data and will ensure that the entire message is encrypted. Note that it’s not possible to only encrypt parts of a message; the entire message must be encrypted. It’s important to be aware that encryption of messages generates overhead. The encryption process is CPU bound: every time a message is stored to or read from the database, an encryption or decryption of the message takes place.

In addition, note that there are some restrictions and disadvantages when encrypting messages on the database level. Therefore, remember to check the available documentation.