You need the system environment variable SECURID and the corresponding directory in order to store the license ticket ( ticket) and the keystores to be created ( SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse). Set up the variable by checking existing environment variables and creating SECUDIR if it does not already exist.
The environment variable SECUDIR may already exist on your host as a result of a secure communication configuration. Proceed as follows to check whether SECUDIR already exists.
Choose Start Settings Control Panel System .
Choose Environment Variables from the Advanced tab.
You can check existing environment variables on the Environment Variables screen under System Variables.
If the system environment variable SECUDIR does not already exist, you have to create it anew for the configuration of the cryptography tool SAPGENPSE. Proceed as follows.
Create the <drive>:\usr\sap\TREX\sec directory.
You have to assure that the users of the TREX web server as well as the TREX user have the needed permissions on this directory otherwise the security files will not be accessible.
Choose Start Settings Control Panel System .
Choose Environment Variables from the Advanced tab.
Choose System Variables and New on the Environment Variables screen.
Enter SECUDIR as the variable name and <drive>:\usr\sap\TREX\sec as the variable value. Confirm with OK.
Restart your computer so that the new system variable SECUDIR is recognized by your operating system.
Recommended Storage Locations
Files |
Storage Location |
sapcrypto.dll sapgenpse.exe |
Central directory for executables - DIR_CT_RUN: <drive>:usr\SAP\<SAPSID>\SYS\exe\nuc\<OS>, for example C:\SAP\B47\SYS\exe\nuc\NT386 The variable DIR_CT_RUN specifies the path to the central directory for executables. The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables ( DIR_INSTANCE\exe; <drive>:usr\SAP\<SAPSID>\SYS\TRX<instance_number>\exe). Note
To ensure that automatic synchronization takes place, activate CPE support for TREX security. More information: Enabling CPE Support for TREX Security The CIR_CT_RUN variable is defined in the START_TRX<instance_number>_<host> start profile in the SAP system profile directory of your TREX installation: <SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\profile, for example C:usr\SAP\<SAPSID>\SYS\profile. |
ticket SAPSSLS.pse SAPSSLC.pse SAPSSLA.pse SAPSSNCS.pse, |
SECUDIR directory for ticket and key store: <drive>:\usr\sap\TREX\sec You have to define a system environment variable SECURDIR, which points to this directory. If the system environment variable SECUDIR and the corresponding directory do not exist, you have to create them both. |
You create the SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSSNCS.pse keystores using the SAPGENPSE cryptography tool. These are not part of the SAP Cryptographic Library installation package.
Refer to the notes for using keystores.
Save the downloaded files sapcrypto.dll, sapgenpse.exe and ticket, and the generated keystores, in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of sapcrypto.dll and sapgenpse.exe) or to the directory of the system environment variable SECUREDIR (in the case of ticket and the key stores). Your security configuration will then be available again.
You have configured the cryptography tool SAPGENPSE on Windows and can now use it to configure secure communication.
Starting SAPGENPSE
You start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the system environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.