Skip to main content
Skip table of contents

Certificates

Data Description

The PowerConnect Java agent is able to extract certificate metadata from the SAP system. This data can be leveraged for SAP certificate monitoring use cases.

Potential Use Cases

This event could be used in the following scenarios:

  • Alert on expiry of certificates

  • Visualize all certificate information including root CA

  • Alert when a new certificate is added to the SAP system

PowerConnect Administrative Console Configuration

Important: None of the configurations below requires a restart of the PowerConnect agent.

  • Login to the PowerConnect administrative console via the following URL (http://<serverhost>:<port>/powerconnect-java/index.html).

  • Then click on the Overview tab on the left. The screen will look like the screenshot below. Ensure that Certificates is checked and click Save.

image-20240315-212253.png

Certificate Permissions Configuration

By default the powerconnect user will only have permissions to monitor the TrustedCAs keystore certificates. To add other keystores do the following:

  • Login to the NWA UME Console via the following URL (http://<serverhost>:<serverport>/useradmin

  • Search for the powerconnect role you created when installing the agent (usually called powerconnect or JMXManageAll)

image-20240315-212908.png

  • Click the Assigned Actions Tab then click Modify

image-20240315-213134.png

  • Search for each Keystore you would like to monitor, the actions permission format is keystore-view.<KeystoreName> for example: keystore-view.WebServiceSecurity

image-20240315-213350.png

  • Select the resulting actions and click Add

image-20240315-213602.png

  • Repeat for each Keystore then click Save

  • To see a list of your Keystores go to the Certificates and Keys: Key Storage view in the NWA Console (http://<serverhost>:<serverport>/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/FloorPlanApp?applicationID=com.sap.itsam.cfg.sec.keystore&applicationViewID=key_storage)

image-20240315-213843.png

  • The Name column contains the list of the Keystore names

Event

The event will look like this:

image-20240315-214143.png

There is an out of the box Splunk Dashboard available in the PowerConnect Splunk app:

  • Open the PowerConnect Splunk app

  • In the navigation bar click Java → NW → Netweaver Java: Certificate Monitoring

image-20240315-214300.png

  • The dashboard will be displayed

image-20240315-214453.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close