You have to save the downloaded executables of the SAP Cryptographic Library (libsapcrypto.<ext>), the key stores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSNCS.pse, SAPSSLA.pse), and the downloaded license ticket (ticket) in the recommended storage locations.
Prerequisites
The following prerequisites have been assured automatically:
These variables will be set by the shell scriptTREXSettings.* (TREXSettings.sh for Bourne shellsh, Bourne-again shellbash, and Korn shellksh;TREXSettings.csh for C shellcsh) during the start up of TREX.
Saving Files in Recommended Storage Locations
Files | Storage Location |
---|---|
sapgenpse libsapcrypto.<ext> for example,libsapcrypto.so for the operating system SUN |
Central directory for executablesDIR_CT_RUN: usr/SAP/<SAPSID>/SYS/exe/nuc/<OS> The variableDIR_CT_RUN specifies the path to the central directory for executables. Note
The variableCIR_CT_RUN is defined in the start profile START_TRX<instance_number>_<host>, which you find in the SAP system profile directory of your TREX installation: <SAP System Mount Directory>/<sapsid>/profile The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables ($ (DIR_INSTANCE)/exe: /usr/sap/<SAPSID>/SYS /TRX<instance_number>/exe). Note
To ensure that the automatic synchronization can take place you have toenable CPE support for TREX Security. |
ticket SAPSSLS.pse SAPSSLC.pse SAPSSLA.pse SAPSSNCS.pse |
SECUDIR directory for ticket and key stores: SAP/<SAPSID>/SYS/TRX<instance_number>/sec The directory for storing license ticket and key stores has been built during the TREX installation procedure. The environment variable SECUDIR(DIR_INSTANCE/sec) will be set by the shell scriptTREXSettings.* during the start up of TREX. |
You create the keystores SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, andSAPSSNCS.pse using the cryptography tool SAPGENPSE. These are not part of the SAP Cryptographic Library installation package.
Refer to the notes forusing keystores.
Save the downloaded files libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse, and ticket and the generated key stores in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of libsapcrypto.so (HP-UX: libsapcrypto.sl), sapgenpse) or to the directory of the system environment variable SECUDIR (in the case of ticket and the generated keystores). Your security configuration is then available again.
Result
You have configured the cryptography tool SAPGENPSE on UNIX and can now use it to configure secure configuration.
Starting SAPGENPSE
Start the cryptography tool SAPGENPSE using a prompt.
Execute the executable file sapgenpse in the directory in which you defined the environment variable SECUDIR. The cryptography tool SAPGENPSE generates the key stores and stores them in this directory.