Exporting and Importing Application Certificates
To join the security information you export the certificate of the application and import it into TREX key store.
Prerequisites
- The SAP Cryptographic Library is installed on the application server.
- The environment variable SECUDIR is set to the location where the keystore PSE is stored.
- The SNC PSE exists on the application server.
Exporting the Application Certificate
For the export of the application certificate you use the trust manager (transaction STRUST):
- Start the transaction STRUST.
- Choose the node SNC (SAPCryptolib)and select the key store.
Information about the keystore appears in the maintenance section.
- Double click the application certificate that is displayed in the section Own Certificate.
Information about the certificate appears in the section Certificate.
- In the section Certificate, choose the button Export certificate.
The export dialog appears.
- Save the certificate to the destination (for example, to a local file SAPSNCS.r3.crt in the TREX directory SECUDIR). Now the certificate of the application is located on the file system.
Importing the Application Certificate into the TREX Keystore
On TREX side you import the application certificate from the file where you stored it into the TREX key store SAPSNCS.pse by the following command:
sapgenpse maintain_pk -a SAPSNCS.r3.crt -p SAPSNCS.pse
Overview of Commands for SAPGENPSE
|
Command |
Function |
|
sapgenpse |
Starts the cryptography tool SAPGENPSE. |
|
maintain_pk |
Function of SAPGENPSE that imports the certificate to the key store. |
|
-a <EXPORTED_FILENAME>.r3.crt |
Enter the file name of the certificate of the application to be imported. <EXPORTED_FILENAME>.r3.crt is a placeholder for the exported certificate. |
|
- p SAPSNCS.pse |
You specify the file name of the key store that is to contain the certificate here. |
Result
The application certificate is imported into the TREX key store.