Export and Import of TREX
Certificate
Use
To join the security information you export the TREX certificate which is stored inside the keystore on TREX side and import this certificate on application side.
Prerequisites
● The SAP Cryptographic Library is installed on the application server.
● The SECUDIR environment variable is set to the location where the PSE keystore is stored.
● The SNC PSE exists on the application server.
● The TREX certificate exists as a file in the file system.
Export TREX Certificate
Use the following command line to export the TREX certificate to the SAPSNCS.trex.crt file:
sapgenpse export_own_cert -o SAPSNCS.trex.crt -p SAPSNCS.pse
Command |
Function |
sapgenpse |
Starts the SAPGENPSE cryptography tool. |
export_own_cert |
Function of SAPGENPSE that exports the certificate to the key store. |
-o <EXPORTED_FILENAME>.trex.crt |
Enter the file name of the TREX certificate to be exported. |
- p SAPSNCS.pse |
You specify the file name of the keystore that is to contain the root certificate here. |
Import TREX Certificate on Application Side
You import the TREX certificate into the certificate list of the application server. You do this using the trust manager (transaction STRUST):
...
1. Start transaction STRUST.
2. Select the SNC PSE.
Information about the SNC PSE appears in the maintenance section.
3.
In the Certificate
section, choose the
Import
Certificate.
The Import Certificate dialog box
appears.
4. Select the certificate (for example, SAPSNCS.trex.crt) from the destination where your stored it during the TREX certificate export. Choose Base64.as the file format.
Information about the certificate appears in the Certificate section.
5. Choose Add to Certificate List.
The certificate is added to the Certificate List.
6. Save your data.
See also
●
Using the SAP
Cryptographic Library for SNC
●
Importing Public Key
Certificates into SAP Web AS
Result
The TREX certificate is added to the certificate list of the application server.