The server must have active credentials at run-time. Therefore, to produce active credentials, you must use the configuration tool's command seclogin to "open" the server's PSE.
The credentials are located in the file cred_v2 in the directory specified in the environment variable SECUDIR. Make sure that only the user under which the server runs has access to this file (including read access).
It is also very important to create the credentials for the user who runs the server's processes. For example, for the application server, the user is typically <sid>adm(UNIX) or SAPService<SID> (Windows). For more information, see Checking the Application Server's User (Windows).
· The SAP Cryptographic Library is installed on the server.
· The environment variable SECUDIR has been set to the location where the PSE is stored.
· The PSE exists on the server.
Use the following command line to open the server's PSE and create credentials:
sapgenpse seclogin <additional_options> [-p <PSE_name>] [-x <PIN>] [-O [<NT_Domain>\]<user_ID>]
Where:
Standard Options
Option |
Parameter |
Description |
Allowed Values |
Default |
-p |
<PSE_name> |
Path and file name for the server's PSE |
Path description (in quotation marks, if spaces exist) |
None |
-x |
<PIN> |
PIN that protects the PSE |
Character string |
None |
-O |
[<Windows_Domain>]\<user_ID> |
User for which the credentials are created. (The user that runs the server's processes.) |
Valid operating system user |
The current user |
Additional Options
Option |
Parameter |
Description |
Allowed Values |
Default |
-l |
None |
List all available credentials for the current user. |
Not applicable |
Not set |
-d |
None |
Delete PSE |
Not applicable |
Not set |
-chpin |
None |
Specifies that you want to change the PIN |
Not applicable |
Not set |
You can also use the seclogin command to delete the server's credentials, change the PIN that protects a PSE, or to list the available credentials for a user (option -l).
The following command line opens the application server's PSE (<SID> = ABC) that is located at D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse and creates credentials for the user SAPServiceABC. The PIN that protects the PSE is abcpin.
sapgenpse seclogin -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse -x abcpin -O SAPServiceABC
The credentials file (cred_v2) for the user provided with the -O option is created in the SECUDIR directory.
Check the contents of the directory at the operating system level to make sure the credentials were created in the correct location before proceeding with the next step.