Setting Up SECUDIR and Saving Files
(Windows)
Use
You need the SECURID system environment variable and the corresponding directory in order to store the license ticket (ticket) and the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse). Set up the variable by checking existing environment variables and creating SECUDIR if it does not already exist.
Checking Whether SECUDIR Exists
The SECUDIR environment variable may already exist on your host as a result of a secure communication configuration. Proceed as follows to check whether SECUDIR already exists.
1. Choose Start ® Settings ® Control Panel ® System.
2. Choose Environment Variables on the Advanced tab page.
3. You can check existing environment variables on the Environment Variables screen under System Variables.
Creating SECUDIR and its Directory
If the SECUDIR system environment variable does not already exist, you have to create it for the configuration of the SAPGENPSE cryptography tool. Proceed as follows.
...
1. Create a directory called <drive>:\usr\sap\TREX\sec.
You have to assure that the users of the TREX web server as well as the TREX user have the required permissions on this directory otherwise the security files will not be accessible.
2. Choose Start ® Settings ® Control Panel ® System.
3. Choose Environment Variables on the Advanced tab page.
4. Choose System Variables and New on the Environment Variables screen.
5. Enter SECUDIR as the variable name and <drive>:\usr\sap\TREX\sec as the variable value. Confirm with OK.
6. Restart your computer so that the new SECUDIR system variable is recognized by your operating system.
Saving Files in Recommended Storage Locations
Recommended Storage Locations
Files |
Location |
sapcrypto.dll sapgenpse.exe |
Central directory for executables - DIR_CT_RUN: <drive>:usr\SAP\<SAPSID>\SYS\exe\nuc\<OS>, for example C:\SAP\B47\SYS\exe\nuc\NT386 The DIR_CT_RUN variable specifies the path to the central directory for executables. The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables (DIR_INSTANCE\exe; <drive>:usr\SAP\<SAPSID>\SYS\TRX<instance_number>\exe).
To ensure
that automatic synchronization takes place, activate CPE support for TREX
security. The CIR_CT_RUN variable is defined in the START_TRX<instance_number>_<host> start profile in the SAP system profile directory of your TREX installation: <SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\profile, for example C:usr\SAP\<SAPSID>\SYS\profile. |
ticket SAPSSLS.pse SAPSSLC.pse SAPSSLA.pse SAPSSNCS.pse , |
SECUDIR directory for ticket and key store: <drive>:\usr\sap\TREX\sec You have to define a SECURDIR system environment variable that points to this directory. If the SECUDIR system environment variable and the corresponding directory do not exist, you have to create them both. |
You create the SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSSNCS.pse keystores using the SAPGENPSE cryptography tool. They are not part of the SAP Cryptographic Library installation package.
Refer to the notes for using keystores.
Save the downloaded sapcrypto.dll, sapgenpse.exe and ticket files and the generated keystores in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of sapcrypto.dll and sapgenpse.exe) or to the directory of the SECUREDIR system environment variable in the case of ticket and the keystores). Your security configuration will then be available again.
Result
You have configured the SAPGENPSE cryptography tool on Windows and can now use it to configure secure communication.
Starting SAPGENPSE
You start the SAPGENPSE cryptography tool using a prompt.
Execute the sapgenpse executable file in the directory in which you defined the SECUDIR system environment variable. The SAPGENPSE cryptography tool generates the keystores and stores them in this directory.