Show TOC

 Getting Started with the Trust ManagerLocate this document in the navigation structure

To start the trust manager, use the transaction STRUST.

The Trust Manager Screen

In the Trust Manager screen:

  • The PSE status frame (left frame) displays the PSEs that are defined for the system. Available PSEs include:
    • System PSE
    • SNC PSE if you use the SAP Cryptographic Library as the security product
    • SSL server PSEs
    • SSL client PSEs
    • WS-Security PSEs
    • Arbitrary file PSEs
    • PSEs defined for SSF applications that use the SAP Security Library or the SAP Cryptographic Library as the security product. (Use transaction SSFA to maintain SSF applications.)

    By expanding the node for a PSE that should exist for all application servers (for example, the system PSE), you can check the status of the PSE on each of the servers.


    If the SAP Cryptographic Library is not installed, then the nodes for the SSL, SNC, and WS-Security PSEs do not appear.

  • The PSE maintenance section (upper right) displays the PSE information for the PSE that you have selected to maintain.
  • The certificate section (lower right) displays certificate information for a certificate that you have selected or imported.

    The PSE maintenance section and the certificate section are independent of one another. If you display a PSE in the PSE maintenance section, the trust manager does not automatically display the server's certificate in the certificate section. To display a certificate, select the certificate with a double-click. The certificate then appears in the certificate section. In this way, you can use the certificate section as a "clipboard" for certificates.


    For example, you can use the certificate section when maintaining certificate lists as follows:

    1. Select a certificate contained in one PSE.
    2. Transfer it to the certificate section.
    3. Select a different PSE.
    4. Add the certificate to the new PSE.
Icons and Their Meanings

PSE Status Information (General)

Icon Meaning

PSE exists for distribution to all application servers

PSE does not exist in the database

PSE that exists as a file

The PSE is defined as a file, but does not exist

Link to the system PSE

PSE Status Information (per Application Server)

Icon Meaning

Status of the PSE has not yet been checked


Error in the attempt to check the PSE (for example, an error in the RFC connection)

PSE file is corrupt

PSE Maintenance

Icon Meaning
Certificate Request Functions (for the Certificate Contained in the PSE)

Create certificate request

Import certificate request response

Certificate List Maintenance Functions

Generate a verification PSE for the selected PSE

Assign a password to the PSE

Remove selected certificates from the certificate list

Certificates (General)

Icon Meaning

Export certificate

Import certificate

Add certificate to the PSE's certificate list


To refresh the status for a PSE, select the PSE and choose Check from the context menu (right mouse button).