Entering content frame

Procedure documentation Setting Up SECUDIR and Saving Files (UNIX) Locate the document in its SAP Library structure

Use

You need the environment variable SECUDIR and the corresponding directory in order to store the license ticket (ticket) and the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse). Set up the variable by checking existing environment variables and creating SECUDIR if it does not already exist.

Checking Whether SECUDIR Exists

...

       1.      Log on with the user <sapsid>adm.

       2.      Enter the command env in the Shell.

A list of environment variables set for UNIX appears.

Creating SECUDIR and a Corresponding Directory

If the environment variable SECUDIR does not already exist, you have to create it anew for the configuration of the cryptography tool SAPGENPSE. Proceed as follows. There are two shell scripts in the TREX installation directory. You can use them to set an environment variable manually.

·        TREXSettings.sh (Bourne shell sh, Bourne-again shell bash, Korn shell ksh)

·        TREXSettings.csh (C shell csh)

Procedure

...

       1.      Log on with the user <sapsid>adm.

       2.      Create a directory for the environment variable SECUDIR under <homedirectory>/sec, for example, /home//<sapsid>adm /sec.

Note

The directory /home/<sapsid>adm /sec is normally created by SAPinst during the TREX installation. If this directory does not exist, you have to create it. Do not create the directory as a subdirectory of the TREX installation directory (SAP_RETRIEVAL_PATH). If you do so, the files for the security configuration can be lost if you completely reinstall TREX.

       3.      Go to the TREX installation directory.

       4.      Use a text editor to open the script for setting environment variables.

– TREXSettings.sh (Bourne-Shell sh, Bourne-again-Shell bash, Korn-Shell ksh)

– TREXSettings.csh (C-Shell csh)

       5.      Define the directory for the environment variable SECUDIR by entering the following at the end of the code: SECUDIR=<directory defined in step 2 >, for example, SECUDIR=/home//<sapsid>adm/sec

       6.      Enter export SECUDIR after it, so that the variable SECUDIR becomes an environment variable.

Example

TREXSettings.sh (Bourne shell sh, Bourne-again shell bash, Korn shell ksh)

...

SECUDIR=/home/<sapsid>adm/sec
export SECUDIR

 

Example

TREXSettings.csh (C shell csh)

...

setenv SECUDIR /home/<sapsid>adm/sec

 

       7.      Store the script and close the text editor.

       8.      Then execute the relevant script.

¡        Bourne shell sh, Bourne-again shell bash, Korn shell ksh:

. TREXSettings.sh

¡        C shell csh:

source TREXSettings.csh

Saving Files in Recommended Storage Locations

Recommended Storage Locations

Files

Storage Location

sapgenpse

libsapcrypto.<ext>
for example, libsapcrypto.so for the operating system SUN OS 5.8

TREX installation directory

Environment variable: SAP_RETRIEVAL_PATH

Note: The environment variable SAP_RETRIEVAL_PATH and the TREX installation directory are created when TREX is installed.

ticket

SAPSSLS.pse

SAPSSLC.pse

SAPSSLA.pse

Directory: <homedirectory>/sec, for example, /home//<sapsid>adm/sec

Environment variable:      SECUDIR

Note

If the environment variable SECUDIR does not yet exist, you have to create it using the Shell script for setting environment variables on UNIX.

You create the keystores SAPSSLS.pse, SAPSSLC.pse, and SAPSSLA.pse using the cryptography tool SAPGENPSE. These are not part of the SAP Cryptographic Library installation package.

Note

Refer to the notes for using keystores.

Save the downloaded files libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse, and ticket and the generated keystores in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the TREX installation directory (in the case of libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse) or to the directory of the system environment variable SECUDIR (in the case of ticket and the generated keystores). Your security configuration is then available again.

Result

You have configured the cryptography tool SAPGENPSE on UNIX and can now use it to configure secure configuration.

Starting SAPGENPSE

...

Start the cryptography tool SAPGENPSE using a prompt.

Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.

 

 

Leaving content frame