Creating a PSE for the Server Using SAPGENPSE
Use the command get_pse to generate the server's PSE, which includes the public and private key pair and a public-key certificate.
If you are using a trusted CA, then you can also use the get_pse command to generate a certificate request. By default, all of the items are generated; however, you can use the option -noreq to omit the certificate request or -onlyreq to generate only the certificate request.
Prerequisites
- The SAP Cryptographic Library is available on the server. For more information, see SAP Note 1848999.
- The environment variable SECUDIR has been set to the location where the PSE is to be stored.
Procedure
Use the following command line to generate a PSE. Create the server's PSE in the SECUDIR directory.
Where:
Standard Options
| Option | Parameter | Description | Allowed Values | Default |
|---|---|---|---|---|
| -p | <PSE_name> | Path and file name for the server's PSE | Path description (in quotation marks, if spaces exist) | None |
| -r | <file_name> | File name for the certificate request | Path description (in quotation marks, if spaces exist) | stdout |
| -x | <PIN> | PIN that protects the PSE | Character string | None |
| None | DN | Distinguished Name for the server. The Distinguished Name is used to build the server's SNC name. Example: CN=ABC, OU=Test, O=MyCompany, C=DE | Character string (in quotation marks, if spaces exist) | None |
Additional Options
| Option | Parameter | Description | Allowed Values | Default |
|---|---|---|---|---|
| -s | <key_len> | Key length | 512, 1024, 2048 | 1024 |
| -a | <algorithm> | Algorithm used | RSA, DSA | RSA |
| -noreq | None | Only generate a key pair and PSE. Do not generate a certificate request. | Not applicable | Not set |
| -onlyreq | None | Generate a certificate request for the public key stored in the PSE specified by the -p parameter. | Not applicable | Not set |
Generating a PSE and Self-Signed Certificate for the Application Server
The following command line generates a PSE for the application server (<SID> = ABC) containing a self-signed certificate. No certificate request is needed. The PSE is to be located at D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse. The PIN that protects the PSE is abcpin. The server's Distinguished Name is CN=ABC, OU=Test, O=MyCompany, C=DE.
sapgenpse get_pse -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse -noreq -x abcpin "CN=ABC, OU=Test, O=MyCompany, C=DE"
Result
The server's PSE is created in the directory you specified.
Check the contents of the directory at the operating system level to make sure the PSE was created in the correct location before proceeding with the next step.
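The operating-system-level check described above can be scripted. The following Python function is an added example, not SAP code: the name check_pse, the rule that a bare PSE file name is taken relative to SECUDIR, and the POSIX permission check (the PSE contains the private key) are assumptions of this example.

```python
import os
import stat
from pathlib import Path


def check_pse(pse_name, secudir=None):
    """Return a list of problems found with a newly created PSE (empty list = OK)."""
    # Prerequisite from the procedure: SECUDIR points to the PSE location.
    secudir = secudir if secudir is not None else os.environ.get("SECUDIR")
    if not secudir:
        return ["SECUDIR is not set"]
    sec_root = Path(secudir).resolve()
    if not sec_root.is_dir():
        return [f"SECUDIR does not exist: {sec_root}"]

    # Assumption of this example: a bare file name is relative to SECUDIR.
    pse = Path(pse_name)
    pse = (pse if pse.is_absolute() else sec_root / pse).resolve()

    problems = []
    if pse.parent != sec_root:
        problems.append(f"{pse} is not located directly in SECUDIR ({sec_root})")
    if not pse.is_file():
        problems.append(f"PSE file not found: {pse}")
        return problems
    if pse.stat().st_size == 0:
        problems.append(f"PSE file is empty: {pse}")
    # Extra hardening check, not part of the documented procedure:
    # on POSIX systems, flag any group/other access to the key file.
    if os.name == "posix" and pse.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"PSE is accessible to group/others: {pse}")
    return problems


if __name__ == "__main__":
    import sys

    # Usage: python check_pse.py <PSE_name>   (SECUDIR is read from the environment)
    issues = check_pse(sys.argv[1] if len(sys.argv) > 1 else "ABC.pse")
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```
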