Show TOC

Creating the SNC PSELocate this document in the navigation structure

Use the procedure below to create the PSE that the server uses for SNC.

Note

If you are using a single PSE for all server components and you have already created the PSE on a different server, see Importing the SNC PSE.

Prerequisites
  • The SAP Cryptographic Library is available on the application server. For more information, see SAP Note 1848999 Information published on SAP site.
    Note

    If the SAP Cryptographic Library is not installed, the trust manager does not display the node for the SNC PSE.

  • The environment variable SECUDIR is set to the location where the PSE is stored.
  • The naming convention you use for the Distinguished Name must match the Distinguished Name part of the server's SNC name, which you define in the profile parameter snc/identity/as. If this profile parameter is not yet set, you can still specify the server's Distinguished Name, but you receive a warning that you have to maintain the profile parameter. (See also Setting the SNC Profile Parameters.)
  • The server's Distinguished Name for SNC must also be unique. It cannot also be used in a different PSE, for example, the system PSE.
Procedure

Using the trust manager (transaction STRUST):

  1. Select the SNC PSE node.
  2. Call the context menu and choose Create (if no PSE exists) or Replace.

    The <Create/Replace> PSE dialog appears.

  3. If the server's SNC name is defined in the profile parameter snc/identity/as, the system automatically determines the Distinguished Name accordingly. Otherwise, enter the Distinguished Name parts in the corresponding fields, for example:
    • Name = <SID>
    • Org. (opt.) = Test
    • Comp./Org. = MyCompany
    • Country = US
      Note

      If you use a reference to a CA namespace, the elements contained in the CA field are automatically used for the server's Distinguished Name. In this case, you are also unable to modify the Country field. Use the toggle function () to activate or deactivate the reference to a CA name space.

      Note

      The application server's Distinguished Name for SNC must also be unique. You cannot specify a Distinguished Name that the server uses in a different PSE, for example, the system PSE.

      1. Choose Enter.

        You return to the Trust Manager screen.

      2. For SNC, you must assign a password to the PSE. Choose  Assign password.

        The PSE dialog appears.

      3. Enter a password for the PSE and choose Enter.

        You return to the Trust Manager screen.

Result

The system creates the SNC PSE and distributes it to the individual application servers. The system protects the PSE with a password and creates credentials for the server so that it can access the PSE at runtime.

If you are using individual PSEs, the next step is to exchange the servers' public-key certificates. Otherwise, export the SNC PSE to the file system.