Maintaining the System PSE
Maintaining the System PSE
Use
The system PSE maintenance is available as of Release 4.5B.
Use the PSE maintenance to maintain and monitor the system PSEs.
You can:
Procedure
The PSE Management screen shows the status of all of the application servers' PSEs.
The following statuses are possible:
The status of the RFC connection to the application server can be one of the following:
The PSE and SSF status can be:
This status indicates that a system PSE for the application server has been installed and accessible.
This status indicates that an external security product has been installed and that a system PSE exists on the application server; however, the system PSE cannot be accessed. The most common cause of this error is that no credentials exist on the application server. To correct this error, use the function Create credentials.
This indicates that the SAPSECULIB has not been installed.
This indicates that no system PSE exists on the application server. To correct this error, use either Create PSE or Import PSE.
This error indicates that the version of the PSE on the application server does not coincide with the version that is stored in the database. To correct this error, use Create PSE or Import PSE.
The following table shows the functions you can perform:
PSE Maintenance Functions
Function |
Follow-on menu path |
What you should know |
Generate a new system PSE and distribute it to all of the application servers. |
→ PSE → Generate |
This function creates a new PSE on the chosen application server, imports it into the database, and distributes it to all of the remaining application servers. PSEs that already exist are overwritten. |
Import a local PSE and distribute it as the system PSE to all application servers. |
→ PSE → Import |
This function imports a local PSE into the database and distributes it to all of the application servers. PSEs that already exist are overwritten. |
Change the PIN that protects the system PSE. |
→ PSE → Change PIN |
The default system PSE is not protected with a PIN. We recommend you assign a PIN to protect the PSE. |
Create credentials for the system PSE |
→ PSE → Create credentials |
The application server needs credentials to access its system PSE. Although credentials normally exist for an application server, occasionally you may have to create new ones, for example, for a newly configured application server that has not yet accessed its system PSE. |
Function |
Use Push-Button |
What you should know |
Change the list of certificates to use for verification |
|
With this function you can maintain a list of public-key certificates that can be used by the system to verify other users' or system components' digital signatures. |
Export a version of the system PSE that can be used by others to verify the system's digital signatures. |
|
This PSE contains only the public information from the system PSE (for example, the system's public-key certificate and the system's public-key). This information can be distributed to others to be used to verify the system's digital signatures. |
Issue a certificate request on the SAP CA. |
|
With this function, a public-key pair and a public-key certificate are generated. The public-key certificate is then sent to the SAP CA to be signed. |
Insert the certificate request response received from the SAP CA. |
|
With this function, you import the returned response (signed public-key certificate) into the system. |
Certificate list
Verification PSE
Certificate request