Importing the Certificate Request
Responses 
Use
The CA will send you a certificate request response that contains the signed public-key certificate for the SAP Web Dispatcher. Once you have received this response, import it into the SAP Web Dispatcher’s corresponding PSE. You can either use the trust manager or you can use the configuration tool sapgenpse. See the procedures below.
Prerequisites
· If you are using sapgenpse, then each certificate request response exists as a file in the file system. Otherwise, if you are using the trust manager, then the responses can either exist as a file or you can use Copy&Paste to insert it into the PSE.
· If the certificate request responses do not contain the CA’s root certificate, then you also have access to this certificate. If you are using the trust manager, then it must exist in the trust manager’s database. If you are using sapgenpse, then it exists as a file in the file system.
Procedure
Importing the Certificate Request Response Using the Trust Manager
If you used the trust manager to create the SAP Web Dispatcher’s PSE, then you can easily use it again to import the certificate request response. For each of the PSEs that you created, perform the following:
...
1. If the certificate request dialog is still open, then close it.
2. If the SAP Web Dispatcher’s PSE is not loaded in the PSE maintenance section, then load it by selecting the File node with a double-click and selecting the PSE from the file system.
3.
In the PSE
maintenance section, choose 
Import Cert.
Response.
The dialog for the certificate response appears.
4. Insert the contents of the certificate request response into the dialog’s text box either using Copy&Paste or by loading the file from the file system.
The signed public-key certificate is imported into the SAP Web Dispatcher’s PSE, which is displayed in the PSE maintenance section. You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
5. Create a PIN for the PSE.
Although a PIN for the PSE is optional, we recommend using a PIN to protect the PSE, especially if the SAP Web Dispatcher is located in your demilitarized zone.
6. Save the data in the trust manager.
You are prompted for the location to which to save the PSE. Replace the PSE that you created earlier.
7. If you saved the PSE to a local file on the application server, then copy it to the SECUDIR directory on the SAP Web Dispatcher.
Importing the Certificate Request Response Using SAPGENPSE
As an alternative, you can use the configuration tool sapgenpse to import the certificate request response into the PSEs. Use the tool’s command import_own_cert as shown below.
sapgenpse import_own_cert <Additional_options> -p <PSE_file> -c <Cert_file> [-r <RootCA_cert_file>] -x <PIN>
Where:
Standard Options
Option |
Parameter |
Description |
Allowed Values |
Default |
-p |
<PSE_Name> |
Path and file name of the PSE. The path is the SECUDIR directory and the file name is SAPSSLS.pse. for the SSL server PSE or SAPSSLC.pse for the SSL client PSE (if it exists). |
Path description (in quotation marks, if spaces exist) |
None |
-c |
<Cert_file> |
Path and file name of the certificate request response |
Path description (in quotation marks, if spaces exist) |
None |
-r |
<RootCA_cert_ |
File containing the CA’s root certificate (and any intermediate CA certificates). This parameter is necessary if the CA root and any intermediate CA certificates are not included in the certificate request response. |
Path description (in quotation marks, if spaces exist) |
Not set |
-x |
<PIN> |
PIN that protects the PSE |
Character string |
None |
Result
The certificate request response is imported into the PSE.
The following command line imports the certificate request response (ABC.cer) into the SAP Web Dispatcher’s SSL server PSE that is stored at C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLS.pse. (SECUDIR is set to C:\Program Files\SAP\SAPWebDisp\sec). The PIN that protects the PSE is abcpin.
sapgenpse import_own_cert –c ABC.cer –p SAPSSLS.pse –x abcpin