Setting Up SECUDIR and Saving Files (Windows)

Use

You need the system environment variable SECURID and the corresponding directory in order to store the license ticket (ticket) and the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse). Set up the variable by checking existing environment variables and creatingSECUDIR if it does not already exist.

Checking Whether SECUDIR Exists

The environment variable SECUDIR may already exist on your host as a result of a secure communication configuration. Proceed as follows to check whether SECUDIR already exists.

Choose Start → Settings →Control Panel →System.
Choose Environment Variables from the Advanced tab.
You can check existing environment variables on the Environment Variables screen under System Variables.

Creating SECUDIR and its Directory

If the system environment SECUDIR does not already exist, you have to create it anew for the configuration of the cryptography tool SAPGENPSE.Proceed as follows.

Create the directory <drive>:\usr\sap\TREX\sec.
Note
You have to assure that the users of the TREX web server as well as the TREX user have the needed permissions on this directory otherwise the security files will not be accessible.
Choose Start → Settings → Control Panel → System.
Choose Environment Variables from the Advanced tab.
Choose System Variables and New in the Environment Variables screen.
Enter SECUDIR as the variable name and <drive>:\usr\sap\TREX\sec as the variable value. Confirm with OK.
Restart your computer so that the new system variable SECUDIR is recognized by your operating system.

Saving Files in Recommended Storage Locations

Recommended Storage Locations

Files	Storage Location
sapcrypto.dll sapgenpse.exe	Central directory for executables`DIR_CT_RUN`: <drive>:usr\SAP\<SAPSID>\SYS\exe\nuc\<OS>, for example C:\SAP\B47\SYS\exe\nuc\NT386 The variable`DIR_CT_RUN` specifies the path to the central directory for executables. The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables (DIR_INSTANCE\exe; <drive>:usr\SAP\<SAPSID>\SYS\TRX<instance_number>\exe). Note To ensure that the automatic synchronization can take place you have toenable CPE support for TREX Security. The variable`CIR_CT_RUN` is defined in the start profile START_TRX<instance_number>_<host>, which you find in the SAP system profile directory of your TREX installation: <SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\profile, for example C:usr\SAP\<SAPSID>\SYS\profile.
ticket SAPSSLS.pse SAPSSLC.pse SAPSSLA.pse `SAPSSNCS.pse`,	`SECUDIR` directory for ticket and key store:`<drive>:\usr\sap\TREX\sec` You have to define a system environment variable SECURDIR, which points to this directory. If the system environment variable SECUDIR and the corresponding directory do not exist, you have to create them both.

Files

Storage Location

sapcrypto.dll

sapgenpse.exe

Central directory for executablesDIR_CT_RUN: <drive>:usr\SAP\<SAPSID>\SYS\exe\nuc\<OS>, for example C:\SAP\B47\SYS\exe\nuc\NT386

The variableDIR_CT_RUN specifies the path to the central directory for executables. The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables (DIR_INSTANCE\exe; <drive>:usr\SAP\<SAPSID>\SYS\TRX<instance_number>\exe).

Note

To ensure that the automatic synchronization can take place you have toenable CPE support for TREX Security.

The variableCIR_CT_RUN is defined in the start profile START_TRX<instance_number>_<host>, which you find in the SAP system profile directory of your TREX installation: <SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\profile, for example C:usr\SAP\<SAPSID>\SYS\profile.

ticket

SAPSSLS.pse

SAPSSLC.pse

SAPSSLA.pse

SAPSSNCS.pse,

SECUDIR directory for ticket and key store:<drive>:\usr\sap\TREX\sec

You have to define a system environment variable SECURDIR, which points to this directory. If the system environment variable SECUDIR and the corresponding directory do not exist, you have to create them both.

You create the keystores SAPSSLS.pse, SAPSSLC.pse,SAPSSLA.pse, and SAPSSNCS.pse using the cryptography tool SAPGENPSE. These are not part of the SAP Cryptographic Library installation package.

Refer to the notes forusing keystores.

Save the downloaded files sapcrypto.dll, sapgenpse.exe and ticket, and the generated key stores, in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of sapcrypto.dll and sapgenpse.exe) or to the directory of the system environment variable SECUREDIR (in the case of ticket and the key stores). Your security configuration will then be available again.

Result

You have configured the cryptography tool SAPGENPSE on Windows and can now use it to configure secure communication.

Starting SAPGENPSE

You start the cryptography tool SAPGENPSE using a prompt.

Execute the executable file sapgenpse in the directory in which you defined the system environment variableSECUDIR.The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.