Importing the Root Certificate of the Web Server

You import the root certificate of the Web server of the application using TREX to the SAPSSLS.pse keystore that you just created. You do this using the cryptography tool SAPGENPSE.

Prerequisites

During the security configuration of the application using TREX (for example, SAP Enterprise Portal) you registered a root certificate with the Web server of the application in question. You then import this certificate using SAPGENPSE.

Procedure

You start the SAPGENPSE cryptography tool using a prompt.

Execute the executable file sapgenpse in the directory in which you defined the SECUDIR environment variable. The SAPGENPSE cryptography tool generates the keystores and stores them in this directory.

1. Start the import by SAPGENPSE by entering the following:

   sapgenpse maintain_pk -a <EXPORTED_FILENAME>.cer -p SAPSSLS.pse

   Overview of Commands for SAPGENPSE

   Command	Function
   sapgenpse	Starts the SAPGENPSE cryptography tool.
   maintain_pk	Function of SAPGENPSE that imports the root certificate to the keystore.
   -a <EXPORTED_FILENAME>.cer	Enter the file name of the root certificate of the portal Web server to be imported. <EXPORTED_FILENAME>.cer is a placeholder for the exported certificate.
   -p SAPSSLS.pse	You specify the file name of the keystore that  is to contain the root certificate here.

   Caution

   Access Sequence

   Check whether keystores already exist in your SECUDIR directory. As the SAPCRYPTOLIB accesses existing keystores in the order 1. SAPSSLA.pse → 2. SAPSSLC.pse → 3. SAPSSLS.pse, you also have to import the root certificate of the portal Web server to the keystores SAPSSLA.pse and SAPSSLC.pse. Otherwise you receive an error message.

Result

You have configured anonymous client authentication between the TREX preprocessor and the Web server.

See also:

Usage of Keystores