Exporting a PKCS#12 File
Use this procedure to export the key pair from a PSE file to a file in PKCS#12 format.
- The SAP Cryptographic Library is available. For more information, see SAP Note
1848999
. - The PSE exists on the server.
Use the following command line to export the key pair to a PKCS#12 file:
sapgenpse export_p12 <additional options> [-p <pse file>] <filename>.p12
Where:
Standard Options
| Option | Parameter | Description | Allowed Values | Default |
|---|---|---|---|---|
|
-p |
<PSE_name> |
Path and file name for the server's PSE |
Path description (in quotation marks, if spaces exist) |
None |
The following command line exports the application server's PSE (<SID> = ABC) to a file in PKCS#12 format at D:\usr\sap\ABC\DVEBMGS28\sec\ABC.p12.
sapgenpse export_p12 -p D:\usr\sap\ABC\DVEBMGS28\sec\ABC.pse D:\usr\sap\ABC\DVEBMGS28\sec\ABC.p12
Additional Options
| Option | Parameter | Description | Allowed Values | Default |
|---|---|---|---|---|
|
-x |
<PIN> |
PIN that protects the PSE |
Character string |
None |
|
-z |
<password> |
Password to use for encrypting the P12 file |
Character string |
None |
|
-C |
<count> |
Include <count> hierarchy certs (0=all incl. PKRoot) |
Integer |
0 |
|
-w |
None |
Use WEAK (=40-bit) encryption for private key |
None |
None |
|
-f |
<pse|cn|dn> |
Select the PSE filename, the CN part of the Distinguished Name, or the full subject of the Distinguished Name to use for the friendly name to identify the key pair |
pse, cn, or dn |
None |
|
-F |
<fr_name> |
Set <fr_name> as friendly name for the exported keypair (overrides any-f selection) |
Character string |
None |