Upcoming expiration of certificates tc_trust_class_2_ii and tc_trust_class_2_L1_CA_XI

In SAP NetWeaver AS Java environments, two trust center certificates — tc_trust_class_2_ii and tc_trust_class_2_L1_CA_XI — are approaching their expiration date. These certificates are part of the platform’s built-in trust store and are used for validating secure communication scenarios, including SSL/TLS handshakes and signature verification between SAP components or external services.

When these certificates expire, systems may experience issues such as:

  • failed SSL connections,
  • trust validation errors,
  • problems with SSO or secure integration scenarios,
  • warnings or red alerts in monitoring tools like SAP Solution Manager.

SAP recommends updating the affected certificates in the Java keystore (via SAP NetWeaver Administrator / Key Storage), validating the new certificate chain, and restarting relevant Java components to apply the changes.

For detailed steps, troubleshooting notes, and updated certificate files, refer to SAP Note 3671328, where SAP provides the full technical guidance.

Copyright © 2025. SAPBasisWorld.com Privacy Policy