Configuring SAPGENPSE for Use

If you are configuring and using the cryptography tool SAPGENPSE, you should be aware of which files you require and know where they are stored. These files are not only required initially for the authentication of the communication partner. They are also required during data transmission in order to encode the data and ensure data integrity. This means that the files must be stored in particular places so that the system can find them and access them at runtime.

Prerequisites

• You have logged on as user<SAPSID>adm, which is the operating system user for administering TREX.
• You have downloaded the SAP Cryptographic Library from the SAP Service Marketplace and unpacked the contained data.

Required Files

Process Flow

You need a system environment variable SECUDIR on Windows and an environment variable SECUDIR on UNIX in order to store the licence tickets (tickets) and the generated keystores(SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, SAPSNCS.pse). Set up the variable by checking existing environment variables and creatingSECUDIR if it does not already exist. You then store the files in the recommended storage locations. On UNIX the needed variables are set automatically by a shell script.

The procedure is basically the same on Windows and UNIX:

1. First check whether the system environment variableSECUDIR already exists (Windows only) as a result of a previous security configuration.
2. If it does not exist, create the (system) environment variableSECUDIR and the corresponding directory (Windows only).
3. Store the relevant files in the directories that already existed or that you just created.
4. Enable CPE support for TREX security.
5. Start the cryptographic tool SAPGENPSE using a prompt.

The procedures for Windows and UNIX are described in the following sections:

• Setting Up SECUDIR and Saving Files (Windows)
• Setting Up SECUDIR and Saving Files (UNIX)
• Enable CPE support for TREX Security