Show TOC

Exporting and Importing Application CertificatesLocate this document in the navigation structure


To join the security information you export the certificate of the application and import it into TREX key store.


  • The SAP Cryptographic Library is installed on the application server.
  • The environment variable SECUDIR is set to the location where the keystore PSE is stored.
  • The SNC PSE exists on the application server.

Exporting the Application Certificate

For the export of the application certificate you use the trust manager (transaction STRUST):

  1. Start the transaction STRUST.
  2. Choose the node SNC (SAPCryptolib)and select the key store.

    Information about the keystore appears in the maintenance section.

  3. Double click the application certificate that is displayed in the section Own Certificate.

    Information about the certificate appears in the section Certificate.

  4. In the section Certificate, choose the button Export certificate.

    The export dialog appears.

  5. Save the certificate to the destination (for example, to a local file SAPSNCS.r3.crt in the TREX directory SECUDIR). Now the certificate of the application is located on the file system.

Importing the Application Certificate into the TREX Keystore

On TREX side you import the application certificate from the file where you stored it into the TREX key store SAPSNCS.pse by the following command:

sapgenpse maintain_pk -a SAPSNCS.r3.crt -p SAPSNCS.pse

Overview of Commands for SAPGENPSE




Starts the cryptography tool SAPGENPSE.


Function of SAPGENPSE that imports the certificate to the key store.


Enter the file name of the certificate of the application to be imported.

<EXPORTED_FILENAME>.r3.crt is a placeholder for the exported certificate.

- p SAPSNCS.pse

You specify the file name of the key store that is to contain the certificate here.


The application certificate is imported into the TREX key store.