You use the cryptography tool SAPGENPSE to generate a keystore in which you can store a certificate. You only need this keystore for storing the root certificate of the portal Web server. It is therefore not necessary that you send the generated certificate request to your CA.
Procedure
You start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.
Command | Function |
---|---|
sapgenpse |
Starts the cryptography tool SAPGENPSE. |
gen_pse |
Function of SAPGENPSE that you can use to generate a new keystore and a certificate request. |
- p SAPSSLS.pse |
You specify the file name of the keystore that contains the certificate here. |
You are now asked to give more precise specifications on the certificates that you want to generate. Proceed according to the following table:
Prompt | Function/Entry |
---|---|
Please enter PIN: |
Do not enter a value. Confirm with Return. |
Please reenter PIN: |
Do not enter a value. Confirm with Return. |
get_pse: Distinguished name of PSE owner: |
Specifies the distinguished name (DN) of the certificate owner. Make the following specifications: CN=myhost.mydomain, C=mycountry, S=mystate, O=mycompany, OU=mydepartment Tip :
CN=p64883.wdf.sap.corp, C=DE, S=BW, O=SAP-AG, OU=TREX |
sapgenpse seclogin -p SAPSSLS.pse -O <SAPSID>adm
sapgenpse seclogin -p SAPSSLS.pse -O <IIS_user>
sapgenpse seclogin -p SAPSSLS.pse -O P78121\IUSR_SAP-DD9CE47C712
You determine the IIS user using the Windows administration tool Internet Information Services.
Command | Function |
---|---|
seclogin |
Function of SAPGENPSE that you use to initialize a new keystore for use. |
- p SAPSSLS.pse |
Specify the file name of the keystore that you want to initialize. |
-O trex_<instance_number> or IIS_user |
You use this command to give the user of the TREX instance (created during the installation) and the user on which the IIS is running access to the keystore. |
Result
You have created a keystore SAPSSLS.pse into which you can import the root certificate of the portal Web server and store it there.