Entering content frame

Procedure documentation Importing the Root Certificate of the Web Server Locate the document in its SAP Library structure

Use

You import the root certificate of the Web server of the application using TREX to the keystore SAPSSLS.pse that you just created. You do this using the cryptography tool SAPGENPSE.

Prerequisites

During the security configuration of the application using TREX (for example, SAP Enterprise Portal) you made a root certificate available to the Web server of the application in question. You then import this certificate using SAPGENPSE.

Note

For information on using certificates and authentication in the J2EE Engine, see the SAP Help Portal at help.sap.com ® SAP NetWeaver  ® Release `04 ® SAP Library ® SAP NetWeaver  ® Application Platform (SAP Web Application Server) ® Java Technology in SAP Web Application Server ® Administration Manual  ® Server Administration ® SAP J2EE Engine Security ® Authentication on J2EE Engine

Procedure

...

You start the cryptography tool SAPGENPSE using a prompt.

Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.

       1.      Start the import by SAPGENPSE by entering the following:

sapgenpse maintain_pk -a <EXPORTED_FILENAME>.cer -p SAPSSLS.pse

 

Overview of Commands for SAPGENPSE

Command

Function

sapgenpse

Starts the cryptography tool SAPGENPSE.

maintain_pk

Function of SAPGENPSE that imports the root certificate to the keystore.

-a <EXPORTED_FILENAME>.cer

Enter the file name of the root certificate of the portal Web server to be imported.

<EXPORTED_FILENAME>.cer is a placeholder for the exported certificate.

- p SAPSSLS.pse

You specify the file name of the keystore that  is to contain the root certificate here.

Caution

Access sequence

Check whether keystores already exist in your SECUDIR directory. As the SAPCRYPTOLIB accesses existing keystores in the order 1. SAPSSLA.pse --> 2. SAPSSLC.pse --> 3. SAPSSLS.pse, you also have to import the root certificate of the portal Web server to the keystores SAPSSLA.pse and SAPSSLC.pse. Otherwise you receive an error message.

Result

You have configured anonymous client authentication between the TREX preprocessor and the portal Web server.

 

See also:

Usage of Keystores

 

Leaving content frame