Importing the Root Certificate of the Web Server
You import the root certificate of the Web server of the application using TREX to the SAPSSLS.pse keystore that you just created. You do this using the cryptography tool SAPGENPSE.
If the actual storage location for the documents that the preprocessor refers to is located on a Web server outside of a secure system landscape, you must also register the root certificate of this Web server with the preprocessor by importing it on the server in question.
During the security configuration of the application using TREX (for example, SAP Enterprise Portal) you registered a root certificate with the Web server of the application in question. You then import this certificate using SAPGENPSE.
You start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.
-
Start the import by SAPGENPSE by entering the following:
sapgenpse maintain_pk -a <EXPORTED_FILENAME>.cer -p SAPSSLS.pse
Command
Function
sapgenpse
Starts the SAPGENPSE cryptography tool.
maintain_pk
Function of SAPGENPSE that imports the root certificate to the keystore.
-a <EXPORTED_FILENAME>.cer
Enter the file name of the root certificate of the portal Web server to be imported.
<EXPORTED_FILENAME>.cer is a placeholder for the exported certificate.
-p SAPSSLS.pse
You specify the file name of the keystore that is to contain the root certificate here.
CautionAccess Sequence
Check whether keystores already exist in your SECUDIR directory. The SAPCRYPTOLIB accesses existing keystores in the following sequence:
1. SAPSSLA.pse
2. SAPSSLC.pse
3. SAPSSLS.pse
Therefore, you must also import the root certificate for the portal Web server in the keystores SAPSSLA.pse and SAPSSLC.pse if they exist. Otherwise you receive an error message.
You have configured anonymous client authentication between the TREX preprocessor and the Web server.