Keystore Views and Certificates Monitoring

In SAP, J2EE stores certificates and keys in multiple virtual key stores called Keystore Views.

The keys and certificates in the Key Storage views can be used for encryption, identification, and verification when using AS Java functions.

The Key Storage entries themselves are stored in a distributed database.

IT-Conductor Monitoring

IT-Conductor provides a convenient approach to monitoring Keystore Views and Certificates.

• All Keystore Views are discovered automatically.

• Keystore Certificates are discovered if permissions to specific Keystore Views are granted to the IT-Conductor monitoring user.

• Thresholds can be configured for monitoring Keystore View status. (This is calculated by SAP as the "worst of" status for all the entries in the view.)

• Thresholds can be configured for monitoring Certificate Expiration and Days To Expiration.

Permissions

• Access to Keystore View discovery and high-level monitoring is governed by keystore/keystore-views action and is included in the standard ITCONDUCTOR_MONITORING role.

• Access to the individual certificates has to be granted as specific actions and configured by customers as needed.

For example: Monitoring the certificates in SecureLoginServer Keystore view.

• The IT-Conductor monitoring user needs to have specific permissions (actions) assigned for this view. Let us create a new role ITCONDUCTOR_CERTIFICATES and assign the following actions:

  • keystore-view.SecureLoginServer / view-actions.all.all

  • keystore-view.SecureLoginServer / entry-actions.all.all

• Repeat this for all views that require their certificates to be monitored:

  • keystore-view.<View Name> / view-actions.all.all

  • keystore-view.<View Name> / entry-actions.all.all

• Assign the newly created role ITCONDUCTOR_CERTIFICATES to the IT-Conductor monitoring user.

• IT-Conductor will discover and start monitoring individual certificates under Key Store.

Related Information

• SAP PO Application Monitoring

• SAP J2EE Monitoring Role