Export and Import of Application
Certificate
Use
To join the security information you export the certificate of the application and import it into TREX keystore.
Prerequisites
● The SAP Cryptographic Library is installed on the application server.
● The SECUDIR environment variable is set to the location where the PSE keystore is stored.
● The SNC PSE exists on the application server.
Export Application Certificate
For the export of the application certificate, you use the trust manager (transaction STRUST):
...
1. Start the transaction STRUST.
2. Choose SNC (SAPCryptolib) and select the keystore.
Information about the keystore appears in the Maintenance section.
3. Double-click the application certificate that is displayed in Own Certificate.
Information about the certificate appears in the section Certificate.
4. In the Certificate section, choose Export certificate.
The export dialog appears.
5. Save the certificate to the destination (for example, to a local file SAPSNCS.r3.crt in the TREX SECUDIR directory. Now the certificate of the application is located on the file system.
More Information
●
Using the SAP
Cryptographic Library for SNC
●
Importing Public Key
Certificates into SAP Web AS
Import Application Certificate into TREX Key Store
On TREX side you import the application certificate from the file where you stored it into the TREX SAPSNCS.pse keystore using the following command:
sapgenpse maintain_pk -a SAPSNCS.r3.crt –p SAPSNCS.pse
Overview of Commands for SAPGENPSE
Command |
Function |
sapgenpse |
Starts the SAPGENPSE cryptography tool. |
maintain_pk |
Function of SAPGENPSE that imports the certificate to the keystore. |
-a <EXPORTED_FILENAME>.r3.crt |
Enter the file name of the certificate of the application to be imported. <EXPORTED_FILENAME>.r3.crt is a placeholder for the exported certificate. |
- p SAPSNCS.pse |
You specify the file name of the keystore that is to contain the certificate here. |
Result
The application certificate is imported into the TREX keystore.