!--a11y-->
Importing the Root Certificate of the Web
Server 
You import the root certificate of the Web server of the application using TREX to the keystore SAPSSLS.pse that you just created. You do this using the cryptography tool SAPGENPSE.
During the security configuration of the application using TREX (for example, SAP Enterprise Portal) you made a root certificate available to the Web server of the application in question. You then import this certificate using SAPGENPSE.

For information on using certificates and authentication in the J2EE Engine, see the SAP Help Portal at help.sap.com ® SAP NetWeaver ® Release `04 ® SAP Library ® SAP NetWeaver ® Application Platform (SAP Web Application Server) ® Java Technology in SAP Web Application Server ® Administration Manual ® Server Administration ® SAP J2EE Engine Security ® Authentication on J2EE Engine
...
You start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.
1. Start the import by SAPGENPSE by entering the following:
sapgenpse maintain_pk -a <EXPORTED_FILENAME>.cer -p SAPSSLS.pse
Overview of Commands for SAPGENPSE
Command |
Function |
sapgenpse |
Starts the cryptography tool SAPGENPSE. |
maintain_pk |
Function of SAPGENPSE that imports the root certificate to the keystore. |
-a <EXPORTED_FILENAME>.cer |
Enter the file name of the root certificate of the portal Web server to be imported. <EXPORTED_FILENAME>.cer is a placeholder for the exported certificate. |
- p SAPSSLS.pse |
You specify the file name of the keystore that is to contain the root certificate here. |

Access sequence
Check whether keystores already exist in your SECUDIR directory. As the SAPCRYPTOLIB accesses existing keystores in the order 1. SAPSSLA.pse --> 2. SAPSSLC.pse --> 3. SAPSSLS.pse, you also have to import the root certificate of the portal Web server to the keystores SAPSSLA.pse and SAPSSLC.pse. Otherwise you receive an error message.
You have configured anonymous client authentication between the TREX preprocessor and the portal Web server.
See also: