Export and Import of TREX Certificates
To join the security information you export the TREX certificate that is stored in the keystore on TREX side and import this certificate on application side.
-
The SAP Cryptographic Library is installed on the application server.
-
The environment variable SECUDIR is set to the location where the PSE is stored.
-
The SNC PSE exists on the application server.
-
The TREX certificate exists as a file in the file system.
Export TREX Certificate
Use the following command line to export the TREX certificate to the file SAPSNCS.trex.crt:
sapgenpse export_own_cert -o SAPSNCS.trex.crt -p SAPSNCS.pse
|
Command |
Function |
|
sapgenpse |
Starts the cryptography tool SAPGENPSE. |
|
export_own_cert |
Function of SAPGENPSE that exports the certificate to the keystore. |
|
-o <EXPORTED_FILENAME>.trex.crt |
Enter the file name of the TREX certificate to be exported. |
|
- p SAPSNCS.pse |
You specify the file name of the keystore that is to contain the root certificate here. |
Import TREX Certificate on Application Side
You import the TREX certificate into the certificate list of the application server. You do this using the trust manager (transaction STRUST):
-
Start the transaction STRUST.
-
Select the SNC PSE.
Information about the SNC PSE appears in the maintenance section.
-
In the section Certificate, choose the button Import certificate. The Import Certificate dialog appears.
-
Select the certificate (for example, the file SAPSNCS.trex.crt) from the destination where your stored it during the TREX certificate export. Choose Base64.as file format.
Information about the certificate appears in the section Certificate.
-
Choose Add to Certificate List.
The certificate is added to the Certificate List.
-
Save your data.
The TREX certificate is added to the certificate list of the application server.