You need the system environment variable SECUDIR and the corresponding directory in order to store the license ticket (ticket) and the keystores to be created (SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse). Set up the variable by checking the existing environment variables and creating SECUDIR if it does not already exist.
Checking Whether SECUDIR Exists
The environment variable SECUDIR may already exist on your host as a result of a secure communication configuration. Proceed as follows to check whether SECUDIR already exists.
Creating SECUDIR and its Directory
If the system environment variable SECUDIR does not already exist, you have to create it for the configuration of the cryptography tool SAPGENPSE. Proceed as follows.
You have to ensure that the users of the TREX web server as well as the TREX user have the needed permissions on this directory; otherwise the security files will not be accessible.
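The check, creation and permission steps described above, as an added PowerShell example that is not part of the original documentation. The drive letter C:, the two account names and the Modify right are assumptions; run it from an elevated session.

```powershell
# Added example (not from the original documentation).
# Assumptions: drive C:, hypothetical account names, Modify as the "needed" right.
$SecDir   = 'C:\usr\sap\TREX\sec'     # <drive>:\usr\sap\TREX\sec with C: assumed
$Accounts = @('MYHOST\trxadm',        # hypothetical TREX user
              'MYHOST\trexweb')       # hypothetical TREX web server user

# 1. Check whether SECUDIR already exists as a system (machine-level) variable.
$existing = [Environment]::GetEnvironmentVariable('SECUDIR', 'Machine')
if ($existing) {
    Write-Host "SECUDIR already exists: $existing"
    $SecDir = $existing               # reuse it rather than overwrite
} else {
    # 2. Create the variable. Processes that are already running (services,
    #    open consoles) only see it after they are restarted.
    [Environment]::SetEnvironmentVariable('SECUDIR', $SecDir, 'Machine')
    Write-Host "SECUDIR created: $SecDir"
}

# 3. Create the directory the variable points to if it is missing.
if (-not (Test-Path -LiteralPath $SecDir -PathType Container)) {
    New-Item -ItemType Directory -Path $SecDir -Force | Out-Null
}

# 4. Grant the TREX user and the web server user access to the directory.
#    (OI)(CI) makes the entry inherit to the ticket and .pse files inside it.
foreach ($account in $Accounts) {
    icacls $SecDir /grant "${account}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $account" }
}

# 5. Print the resulting ACL for review and report which files are in place.
icacls $SecDir
$expected = 'ticket', 'SAPSSLS.pse', 'SAPSSLC.pse', 'SAPSSLA.pse', 'SAPSSNCS.pse'
foreach ($name in $expected) {
    $present = Test-Path -LiteralPath (Join-Path $SecDir $name) -PathType Leaf
    '{0,-14} {1}' -f $name, $(if ($present) { 'present' } else { 'missing' })
}
```

The keystores are reported as missing until they have been generated with SAPGENPSE; the printed ACL shows every account that can read the directory, which is worth reviewing because it will hold private key material.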
Saving Files in Recommended Storage Locations
Recommended Storage Locations
Files | Storage Location |
---|---|
sapcrypto.dll, sapgenpse.exe | Central directory for executables DIR_CT_RUN: <drive>:\usr\SAP\<SAPSID>\SYS\exe\nuc\<OS>, for example C:\SAP\B47\SYS\exe\nuc\NT386. The variable DIR_CT_RUN specifies the path to the central directory for executables. The Central Patch Environment (CPE) takes care of the automatic synchronization of executables and copies them from the central directory into the local TREX directory for executables (DIR_INSTANCE\exe; <drive>:\usr\SAP\<SAPSID>\SYS\TRX<instance_number>\exe). Note: To ensure that the automatic synchronization can take place, you have to enable CPE support for TREX Security. The variable DIR_CT_RUN is defined in the start profile START_TRX<instance_number>_<host>, which you find in the SAP system profile directory of your TREX installation: <SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\profile, for example C:\usr\SAP\<SAPSID>\SYS\profile. |
ticket, SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, SAPSSNCS.pse | SECUDIR directory for ticket and keystores: <drive>:\usr\sap\TREX\sec. You have to define a system environment variable SECUDIR, which points to this directory. If the system environment variable SECUDIR and the corresponding directory do not exist, you have to create them both. |
You create the keystores SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSSNCS.pse using the cryptography tool SAPGENPSE. These are not part of the SAP Cryptographic Library installation package.
Refer to the notes for using keystores.
Save the downloaded files sapcrypto.dll, sapgenpse.exe and ticket, and the generated keystores, in a backup directory. These files may be lost if you completely reinstall TREX. If this happens, you can copy these files either to the central directory for executables (in the case of sapcrypto.dll and sapgenpse.exe) or to the directory of the system environment variable SECUDIR (in the case of ticket and the keystores). Your security configuration will then be available again.
Result
You have configured the cryptography tool SAPGENPSE on Windows and can now use it to configure secure communication.
Starting SAPGENPSE
You start the cryptography tool SAPGENPSE from a command prompt.
Execute the executable file sapgenpse in the directory in which you defined the system environment variable SECUDIR. The cryptography tool SAPGENPSE generates the keystores and stores them in this directory.