Keystore Views and Certificates Monitoring
In SAP, J2EE stores certificates and keys in multiple virtual key stores called Keystore Views.
The keys and certificates in the Key Storage views can be used for encryption, identification, and verification purposes when using AS Java functions.
The Key Storage entries themselves are stored in a distributed database.
On This Page
Monitoring
IT-Conductor™ provides a convenient approach in monitoring Keystore Views and Certificates:
- All Keystore Views are discovered automatically.
- Keystore Certificates are discovered if permissions to specific Keystore Views are granted to the IT-Conductor™ monitoring user.
- Thresholds can be configured for monitoring Keystore View status (This is calculated by SAP as "worst of" status for all the entries in the view.)
- Thresholds can be configured for monitoring Certificate Expiration Expiration and Days To Expiration.
Figure 1: Sample Keystore Views and Certificates
Permissions
- Access to Keystore View discovery and high-level monitoring is governed by keystore/keystore-views action and is included in the standard ITCONDUCTOR_MONITORING role.
Figure 2: ITCONDUCTOR_MONITORING Assigned Actions View in Detail
- Access to the individual certificates has to be granted as specific actions and configured by customers as needed.
For example: Monitoring the certificates in SecureLoginServer keystore view:
Figure 3: Sample SecureLoginServer View in Detail
- The IT-Conductor™ monitoring user needs to have specific permissions (actions) assigned for this view. Let us create a new role ITCONDUCTOR_CERTIFICATES and assign the following actions:
- keystore-view.SecureLoginServer / view-actions.all.all
- keystore-view.SecureLoginServer / entry-actions.all.all
Figure 4: Sample ITCONDUCTOR_CERTIFICATES View in Detail (a)
Figure 5: Sample ITCONDUCTOR_CERTIFICATES View in Detail (b)
- Repeat this for all views that require its certificates to be monitored:
- keystore-view.<View Name> / view-actions.all.all
- keystore-view.<View Name> / entry-actions.all.all
- Assign the newly created role ITCONDUCTOR_CERTIFICATES to IT-Conductor monitoring user.
- IT-Conductor™ will discover and start monitoring individual certificates under Key Store:
Figure 6: Sample Individual Certificates
Note
More Information
Learn more about the features for SAP J2EE (+PO) Monitoring.
Learn how to manage SAP J2EE Monitoring Role.
Do you have a question about the content on this page? E-mail us at support@itconductor.com.