Exporting a PKCS#12 File
Use
Use this procedure to export the key pair from a PSE file to a file in PKCS#12 format.
Prerequisites
· The SAP Cryptographic Library has been installed.
· The environment variable SECUDIR has been set to the location where the PSE is stored.
· The PSE exists on the server.
Procedure
Use the following command line to export the key pair to a PKCS#12 file:
sapgenpse export_p12 <additional options> [-p <pse file>] <filename>.p12
Where:
Standard Options
Option |
Parameter |
Description |
Allowed Values |
Default |
-p |
<PSE_name> |
Path and file name for the server's PSE |
Path description (in quotation marks, if spaces exist) |
None |
The following command line exports the application server's PSE (<SID> = ABC) to a file in PKCS#12 format at D:\usr\sap\ABC\DVEBMGS28\sec\ABC.p12.
sapgenpse export_p12 -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse D:\usr\sap\ABC\DVEBMGS28\sec\ABC.p12
Additional Options
Option |
Parameter |
Description |
Allowed Values |
Default |
-x |
<PIN> |
PIN that protects the PSE |
Character string |
None |
-z |
<password> |
Password to use for encrypting the P12 file |
Character string |
None |
-C |
<count> |
Include <count> hierarchy certs (0=all incl. PKRoot) |
Integer |
0 |
-w |
None |
Use WEAK (=40-bit) encryption for private key |
None |
None |
-f |
<pse|cn|dn> |
Select the PSE filename, the CN part of the Distinguished Name, or the full subject of the Distinguished Name to use for the friendly name to identify the key pair |
pse, cn, or dn |
None |
-F |
<fr_name> |
Set <fr_name> as friendly name for the exported keypair (overrides any -f selection) |
Character string |
None |