You have to save the downloaded executables of the SAP Cryptographic Library ( libsapcrypto.<ext>), the key stores to be created ( SAPSSLS.pse, SAPSSLC.pse, SAPSNCS.pse, and SAPSSLA.pse), and the downloaded license ticket ( ticket) in the recommended storage locations.
The following prerequisites have been assured automatically:
The directory for storing the license ticket ( ticket) and for storing the key stores to be created ( SAPSSLS.pse, SAPSSLC.pse, SAPSNCS.pse, and SAPSSLA.pse) has been created during the TREX installation procedure.
The environment variables SECUDIR (DIR_INSTANCE/sec;SAP/<SAPSID>/SYS/TRX<instance_number>/sec) and SNC_LIB (DIR_EXECUTABLE/libsapcrypto.so) are both needed by SAPGENPSE.
These variables are set by the shell script TREXSettings.* (TREXSettings.sh for Bourne shell sh, Bourne-again shell bash, and Korn shell ksh; TREXSettings.csh for C shell csh) during the startup of TREX.
Saving Files in Recommended Storage Locations
For example, libsapcrypto.so for the SUN operating system
Central directory for executables DIR_CT_RUN: usr/SAP/<SAPSID>/SYS/exe/nuc/<OS>
The variable DIR_CT_RUN specifies the path to the central directory for executables.
The variable CIR_CT_RUN is defined in the start profile START_TRX<instance_number>_<host>, which you find in the SAP system profile directory of your TREX installation: <SAP System Mount Directory>/<sapsid>/profile
The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory to the local TREX directory for executables ( $ DIR_INSTANCE)/exe: /usr/sap/<SAPSID>/SYS /TRX<instance_number>/exe).
To ensure that automatic synchronization takes place, activate CPE support for TREX security. See: Enabling CPE Support for TREX Security
SECUDIR directory for ticket and key stores:
The directory for storing license ticket and key stores has been built during the TREX installation procedure. The environment variable SECUDIR (DIR_INSTANCE/sec) is set by the shell script TREXSettings.* during the startup of TREX.
You create the SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSSNCS.pse keystores using the SAPGENPSE cryptography tool. These are not part of the SAP Cryptographic Library installation package.
Refer to the notes for using keystores.
Save the downloaded files libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse, and ticket and the generated keystores in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse) or to the directory of the system environment variable SECUDIR (in the case of ticket and the generated keystores). Your security configuration will then be available again.
You have configured the cryptography tool SAPGENPSE on UNIX and can now use it to configure secure configuration.
Start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.