You import the root certificate of the Web server of the application using TREX to the SAPSSLS.pse keystore that you just created. You do this using the cryptography tool SAPGENPSE.
If the actual storage location for the documents that the preprocessor refers to is located on a Web server outside of a secure system landscape, you must also register the root certificate of this Web server with the preprocessor by importing it on the server in question.
Prerequisites
During the security configuration of the application using TREX (for example, SAP Enterprise Portal) you registered a root certificate with the Web server of the application in question. You then import this certificate using SAPGENPSE.
Procedure
You start the SAPGENPSE cryptography tool using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the SECUDIR environment variable. The SAPGENPSE cryptography tool generates the keystores and stores them in this directory.
sapgenpse maintain_pk -a <EXPORTED_FILENAME>.cer -p SAPSSLS.pse
Overview of Commands for SAPGENPSE
Command | Function |
---|---|
sapgenpse |
Starts the SAPGENPSE cryptography tool. |
maintain_pk |
Function of SAPGENPSE that imports the root certificate to the keystore. |
-a <EXPORTED_FILENAME>.cer |
Enter the file name of the root certificate of the portal Web server to be imported. <EXPORTED_FILENAME>.cer is a placeholder for the exported certificate. |
-p SAPSSLS.pse |
You specify the file name of the keystore that is to contain the root certificate here. |
Access Sequence
Check whether keystores already exist in your SECUDIR directory. As the SAPCRYPTOLIB accesses existing keystores in the order 1. SAPSSLA.pse → 2. SAPSSLC.pse → 3. SAPSSLS.pse, you also have to import the root certificate of the portal Web server to the keystores SAPSSLA.pse and SAPSSLC.pse. Otherwise you receive an error message.
Result
You have configured anonymous client authentication between the TREX preprocessor and the Web server.
See also: