Renew portal certificate

Logging in to the BI Portal with an administrative account you need to go to the following path
1. http://domain.com:52000/irj/portal

2. System Administration 3. System Configuration 4. Keystore Administration 5. In the table above

we

can

see

the

expiration

date.

6. Now we generate new certificate via Virtual Admin 7. Go Server, then Services and then find and click once on Key Storage in the Services list. You will be presented with the below screen.

8. Now we click create in the Entry area.

9. An entry name SLTKNEW for now 10. The Common Name (CN) 11. The Organization Unit Name (OU) 12. We have given the certificate a validity period of 10 years in place of 1 year that was previously assigned. 13. We need to check Store Certificate 14. Leave the Key Length as the default of 1024 15. User the drop down on Algorithm and choose DSA
16. Once done choose Generate and looks like below

17. 18.

Now we can activate and use the new key certificate.

Once we have verified that the old and the new are aligned with

regards to their common attributes and the new one is active for usage we need to export the old one to keep it safe for now. This is done by clicking on the

Entry then Export button.

Now that we have a protected backup of the original we can instate the new one we have just created. To do this we can either delete the old one or in this case (recommended) rename the old one for now.
19.

20. We have chosen to rename it using a timestamp identifier of 20110103 to indicate the date this was renamed. We need to do the same with its pair (Private Key).

Once this is done we take the names of the original duo and reuse them on the new ones we have just generated. Please note that these need to be given exactly the same name as the original names and are case sensitive.
21.

1. SLTKNEW is now (SAPLogonTicketKeypair)

2. SLTKNEW-cert is now (SAPLogonTicketKeypair-cert)

22. Once this has been done we can then log back into the BI Portal and verify the effectiveness of the change.

23. 24. 25.

26.

We may now export the certificate to Abap system. Start by pressing the download verify .def file button above and save To import, go STRUSTSSO2 Click import certificate

the file to your machine.

27.

Locate the certificate you wish to add.

28.

Now check the certificate

29.

Once we have verified that the new certificate is in place. Simply delete

the old one from the list using the Delete button once you have verified you are highlighting the correct - outdated certificate in the list

30.

Now that we have renewed the certificate we need to ensure that the

old entries are removed from the ACL and that the new one is re-added as it is has a different Serial Number as previously discussed.
31. To do this, delete one at a time and then replace it. We have started by deleting the ACL entry for B0M against client 000 first and then re-adding it as in the below screenshot

32.

We have then deleted and re-added the entry for the non-existent

client 999 as follows.

33.

The resultant output is that we now have the ACL also updated with the

latest certificate information for the SSO to function correctly. If this is not done and the old entries are attempted to be re-used then the resultant outcome is an issue when loading web templates as follows

34.The below screenshot is what we are meant to see in a BI Dual Stack installation once we have completed all the necessary tasks.

35.

Completed