Message-level security processing is generally done in SAP NetWeaver Application Server Java (AS-Java). If the Integration Server executes security processing, a Web service is called in the J2EE Engine. Therefore, the certificates as well as the certification authority (CA) certificates to be used must be entered into the keystore of the J2EE Engine that executes the security handling at runtime. In the Integration Directory, you reference these certificates by stating the name of the keystore view and the name of the entry for the respective certificate.
The configuration process is described in more detail under Configuration. There, the two options for storing CA certificates are described:
· In the TrustedCAs predefined view
· In an arbitrary keystore view
It is recommended that you store CA certificates in the TrustedCAs view. The service user executing the web service will then require fewer authorizations than would be necessary otherwise. The authorizations required for an arbitrary keystore view are described under Sender Agreement.