Start of Content Area

Procedure documentation Saving Files (UNIX)  Locate the document in its SAP Library structure

Use

You have to save the downloaded executables of the SAP Cryptographic Library (libsapcrypto.<ext>), the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSNCS.pse, SAPSSLA.pse), and the downloaded license ticket (ticket) in the recommended storage locations.

Prerequisites

The following prerequisites are assured automatically:

      The directory for storing the license ticket (ticket) and for storing the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSNCS.pse, and SAPSSLA.pse) is created during the TREX installation procedure.

      The SECUDIR (DIR_INSTANCE/sec; SAP/<SAPSID>/SYS/TRX<instance_number>/sec) and SNC_LIB (DIR_EXECUTABLE/libsapcrypto.so) environment variables are both needed by SAPGENPSE.

These variables are set by the shell script TREXSettings.* (TREXSettings.sh for Bourne shell sh, Bourne-again shell bash, and Korn shell ksh; TREXSettings.csh for C shell csh) during the start up of TREX.

Saving Files in Recommended Storage Locations

Files

Location

sapgenpse

libsapcrypto.<ext> For example, libsapcrypto.so for the operating system SUN

 

Central directory for executables DIR_CT_RUN: usr/SAP/<SAPSID>/SYS/exe/nuc/<OS>

The DIR_CT_RUN variable specifies the path to the central directory for executables. 

This graphic is explained in the accompanying text

The CIR_CT_RUN variable is defined in the START_TRX<instance_number>_<host> start profile, which you find in the SAP system profile directory of your TREX installation: <SAP System Mount Directory>/<sapsid>/profile

The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables
($ (DIR_INSTANCE)/exe: /usr/sap/<SAPSID>/SYS /TRX<instance_number>/exe).

This graphic is explained in the accompanying text

To ensure that automatic synchronization takes place, activate CPE support for TREX security.

More information: Enabling CPE Support for TREX Security  

ticket

SAPSSLS.pse

SAPSSLC.pse

SAPSSLA.pse

SAPSSNCS.pse

SECUDIR directory for ticket and keystore:

SAP/<SAPSID>/SYS/TRX<instance_number>/sec

The directory for storing license ticket and keystores is created during the TREX installation procedure.  The SECUDIR (DIR_INSTANCE/sec) environment variable is set by the TREXSettings.* shell script during the start up of TREX.

You create the SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSSNCS.pse keystores using the SAPGENPSE cryptography tool. They are not part of the SAP Cryptographic Library installation package.

This graphic is explained in the accompanying text

Refer to the notes for using keystores.

Save the downloaded files libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse, and ticket and the generated keystores in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse) or to the directory of the SECUDIR system environment variable (in the case of ticket and the generated keystores).  Your security configuration will then be available again.

Result

You have configured the SAPGENPSE cryptography tool on UNIX and can now use it to configure secure configuration.

Starting SAPGENPSE

...

Start the SAPGENPSE cryptography tool using a prompt.

Execute sapgenpse in the directory in which you defined the SECUDIR environment variable. The SAPGENPSE cryptography tool generates the keystores and stores them in this directory.

 

 

 

End of Content Area