Start of Content Area

Procedure documentation Export and Import of Application Certificate  Locate the document in its SAP Library structure

Use

To join the security information you export the certificate of the application and import it into TREX keystore.

Prerequisites

      The SAP Cryptographic Library is installed on the application server.

      The SECUDIR environment variable is set to the location where the PSE keystore is stored.

      The SNC PSE exists on the application server.

Export Application Certificate

For the export of the application certificate, you use the trust manager (transaction STRUST):

...

       1.      Start the transaction STRUST.

       2.      Choose SNC (SAPCryptolib) and select the keystore.

Information about the keystore appears in the Maintenance section.

       3.      Double-click the application certificate that is displayed in Own Certificate.

Information about the certificate appears in the section Certificate.

       4.      In the Certificate section, choose Export certificate.

The export dialog appears.

       5.      Save the certificate to the destination (for example, to a local file SAPSNCS.r3.crt in the TREX SECUDIR directory. Now the certificate of the application is located on the file system.

 

More Information

      Using the SAP Cryptographic Library for SNC 

      Importing Public Key Certificates into SAP Web AS 

Import Application Certificate into TREX Key Store

On TREX side you import the application certificate from the file where you stored it into the TREX SAPSNCS.pse keystore using the following command:

sapgenpse maintain_pk -a SAPSNCS.r3.crt –p SAPSNCS.pse

 

Overview of Commands for SAPGENPSE

Command

Function

sapgenpse

Starts the SAPGENPSE cryptography tool.

maintain_pk

Function of SAPGENPSE that imports the certificate to the keystore.

-a <EXPORTED_FILENAME>.r3.crt

Enter the file name of the certificate of the application to be imported.

<EXPORTED_FILENAME>.r3.crt is a placeholder for the exported certificate.

- p SAPSNCS.pse

You specify the file name of the keystore that is to contain the certificate here.

 

Result

The application certificate is imported into the TREX keystore.

 

 

 

End of Content Area