Sunday, October 4, 2009

Using certificates with the SAP NetWeaver Portal

After you install your SAP NetWeaver Portal, you will probably access it using regular HTTP. So, you'll use a URL that looks like: http://theportal.mycompany.com:50000/irj. If you use a logon form where you enter your portal username and password, thiose details will be sent to the portal server unencrypted, which means that a malicious person could in theory find that combination.

But did you know that you can use secure sockets to access the portal? By default, the portal is installed with SSL enabled. This means that you can change your URL slightly so that instead of typing "http", you can use "https", but you also need to add 1 to the port number (the number after the :) so that your URL for the above example becomes https://theportal.mycompany.com:50001/irj.

However there are a few problems with this. Depending on your browser, you will probably get a screen that looks like either



or



This is because by default the portal's standard SSL certificate has a few problems. These are:

--it's self signed, which means your browser doesn't trust it;
--it's expired; and
--it's been issued for an unexpected web site, localhost, not the one in the URL you entered.

This can be seen by opening up the certificate details:



So, why has this happened?