Show TOC

Exchanging Public-Key CertificatesLocate this document in the navigation structure

To be able to communicate using SNC, the servers must be able to identify each other. You can either use a single PSE for all servers, or you can create an individual PSE for each one.

For more information, see:

If you use a single PSE for all components, then generate the PSE on one server and copy it to the appropriate location on the other servers. You can therefore skip the following procedures. Continue then with any connection-specific configurations.

If you use individual PSEs for  components, then use the procedures that follow to exchange the servers' public-keys so that they can identify each other when using SNC.

Note

If you use individual PSEs and exchange certificates, then you should only exchange those public-key certificates between the specific communication partners. For example, when configuring an SNC connection between the AS Java and the AS ABAP, exchange only these two servers' public-key certificates.

Prerequisites
  • The SAP Cryptographic Library is available. For more information, see SAP Note 1848999 Information published on SAP site.
  • The PSE exists on the server.
Procedure

For each of the SNC communication paths:

  1. On one of the communication partner's servers, export its public-key certificate from its PSE (sapgenpse export_own_cert command).
  2. Import it into the other server's PSE (sapgenpse maintain_pk command).
  3. Export this server's public-key certificate from its PSE (sapgenpse export_own_cert command).
  4. Import this server's public-key certificate into the original server's PSE (sapgenpse maintain_pk command).

For more information on the corresponding sapgenpse commands, see: