Creating the SNC PSE
Use the procedure below to create the PSE that the server uses for SNC.
Prerequisites
- The SAP Cryptographic Library is available on the application server. For more information, see SAP Note 1848999
.
- The environment variable SECUDIR is set to the location where the PSE is stored.
- The naming convention you use for the Distinguished Name must match the Distinguished Name part of the server's SNC name, which you define in the profile parameter snc/identity/as. If this profile parameter is not yet set, you can still specify the server's Distinguished Name, but you receive a warning that you have to maintain the profile parameter. (See also Setting the SNC Profile Parameters.)
- The server's Distinguished Name for SNC must also be unique. It cannot also be used in a different PSE, for example, the system PSE.
Procedure
Using the trust manager (transaction STRUST):
- Select the SNC PSE node.
- Call the context menu and choose Create (if no PSE exists) or Replace.
The <Create/Replace> PSE dialog appears.
- If the server's SNC name is defined in the profile parameter snc/identity/as, the system automatically determines the Distinguished Name accordingly. Otherwise, enter the Distinguished Name parts in the corresponding fields, for example:
- Name = <SID>
- Org. (opt.) = Test
- Comp./Org. = MyCompany
- Country = US
- Choose Enter.
You return to the Trust Manager screen.
- For SNC, you must assign a password to the PSE. Choose
Assign password.
The PSE dialog appears.
- Enter a password for the PSE and choose Enter.
You return to the Trust Manager screen.
- Choose Enter.
Result
The system creates the SNC PSE and distributes it to the individual application servers. The system protects the PSE with a password and creates credentials for the server so that it can access the PSE at runtime.
If you are using individual PSEs, the next step is to exchange the servers' public-key certificates. Otherwise, export the SNC PSE to the file system.