Deleting Server Certificates

Use

If you do not trust certificates contained in the trust store of the client, you can remove them from the trust store.

Use Sun Microsystems’ Keytool to delete a server certificate or a root certificate. Keytool is a tool for the administration of keys and certificates.

Prerequisites

?     JDK / JRE 1.3.x or JDK / JRE 1.4.x (the Keytool of Sun Microsystems is shipped with JDK / JRE 1.3.x and JDK / JRE 1.4.x).

?     The client is installed on a Windows 32 platform or on a PDA with Pocket PC 2002 or Windows Mobile.

?     When you install the client on a Windows 32 platform, use either the uncompressed variant of client setup to perform the subsequent configurations, or do it on the installed client on the mobile device.

?     If the client is installed on a PDA with Pocket PC 2002 or Windows Mobile, you must already have performed the first steps described under Preconfiguring on Windows Mobile Platforms.

Procedure

       1.      Start an entry prompt.

       2.      Switch to the <Installation directory of SAP MI>\settings directory.

       3.      Check the contents of the trust store by entering the following in the entry prompt: <JAVA_HOME>\bin\keytool –list –v –keystore truststore –storepass access. Note the alias names of the certificates you want to remove.

       4.      Enter <JAVA_HOME>\bin\keytool -delete -alias <alias name> -keystore truststore.

<JAVA_HOME>\bin\keytool -delete -alias TestCA –keystore truststore

       5.      As keystore password, enter access if you are asked to do so in the entry prompt.

       6.      Check the contents of the trust store by entering the following in the entry prompt: <JAVA_HOME>\bin\keytool –list –v –keystore truststore –storepass access. In this way you can verify that the certificate you just deleted no longer exists in the trust store.

Result

The server certificate or root certificate has been removed from the trust store for the client.

Make sure that the user selects the uncompressed variant of the setup, which you configured as described above, when installing the client on a Windows 32 platform. The user must use the modified CAB file in the installation on a PDA with Pocket PC 2002 or Windows Mobile.