Use the procedure below to create the PSE that the server will use for SNC.
If you are using a single PSE for all server components and you have already created the PSE on a different server, then see Importing the SNC PSE.
· The SAP Cryptographic Library is installed on the application server.
If the SAP Cryptographic Library is not installed, then the trust manager does not display the node for the SNC PSE.
· The environment variable SECUDIR is set to the location where the PSE is stored.
· The naming convention you use for the Distinguished Name must match the Distinguished Name part of the server's SNC name that you define in the profile parameter snc/identity/as. If this profile parameter is not yet set, then you can still specify the server's Distinguished Name, but you receive a warning that you have to maintain the profile parameter. (See also Setting the SNC Profile Parameters.)
· In addition, the server's Distinguished Name for SNC must be unique. It cannot also be used in a different PSE, for example, the system PSE.
Using the trust manager (transaction STRUST):
...
1. Select the SNC PSE node.
2. Using the context menu, choose Create (if no PSE exists) or Replace.
The <Create/Replace> PSE dialog appears.
3. If the server's SNC name is defined in the profile parameter snc/identity/as, then the system automatically determines the Distinguished Name accordingly. Otherwise, enter the Distinguished Name parts in the corresponding fields, for example:
· Name = <SID>
· Org. (opt.) = Test
· Comp./Org. = MyCompany
· Country = US
If you want to use a reference to a CA name space, then the elements contained in the CA field are automatically used for the server's Distinguished Name. In addition, you cannot modify the Country field. Use the toggle function () to activate or deactivate the reference to a CA name space.
In addition, the application server's Distinguished Name to use for SNC must be unique. You cannot specify a Distinguished Name that the server uses in a different PSE, for example, the system PSE.
4. Choose Enter.
You return to the Trust Manager screen.
5. For SNC, you must assign a password to the PSE. Choose Assign password.
The PSE dialog appears.
6. Enter a password for the PSE and choose Enter.
You return to the Trust Manager screen.
The system creates the SNC PSE and distributes it to the individual application servers. The system protects the PSE with a password and creates credentials for the server so that it can access the PSE at run-time.
If you are using individual PSEs, then the next step is to exchange the servers’ public-key certificates. Otherwise, export the SNC PSE to the file system.