
Creating the SNC PSE

Use

Use the procedure below to create the PSE that the server will use for SNC.

Note

If you are using a single PSE for all server components and you have already created the PSE on a different server, then see Importing the SNC PSE.

Prerequisites

·        The SAP Cryptographic Library is installed on the application server.

Note

If the SAP Cryptographic Library is not installed, then the trust manager does not display the node for the SNC PSE.

·        The environment variable SECUDIR is set to the location where the PSE is stored.

·        The naming convention you use for the Distinguished Name must match the Distinguished Name part of the server's SNC name that you define in the profile parameter snc/identity/as. If this profile parameter is not yet set, then you can still specify the server's Distinguished Name, but you receive a warning that you have to maintain the profile parameter. (See also Setting the SNC Profile Parameters.)

·        In addition, the server's Distinguished Name for SNC must be unique. It cannot also be used in a different PSE, for example, the system PSE.

Procedure

Using the trust manager (transaction STRUST):

       1.      Select the SNC PSE node.

       2.      Using the context menu, choose Create (if no PSE exists) or Replace.

The <Create/Replace> PSE dialog appears.

       3.      If the server's SNC name is defined in the profile parameter snc/identity/as, then the system automatically determines the Distinguished Name accordingly. Otherwise, enter the Distinguished Name parts in the corresponding fields, for example:

·        Name = <SID>

·        Org. (opt.) = Test

·        Comp./Org. = MyCompany

·        Country = US

Note

If you want to use a reference to a CA name space, then the elements contained in the CA field are automatically used for the server's Distinguished Name. In addition, you cannot modify the Country field. Use the toggle function to activate or deactivate the reference to a CA name space.

Note

In addition, the application server's Distinguished Name to use for SNC must be unique. You cannot specify a Distinguished Name that the server uses in a different PSE, for example, the system PSE.

       4.      Choose Enter.

You return to the Trust Manager screen.

       5.      For SNC, you must assign a password to the PSE. Choose Assign password.

The PSE dialog appears.

       6.      Enter a password for the PSE and choose Enter.

You return to the Trust Manager screen.

Result

The system creates the SNC PSE and distributes it to the individual application servers. The system protects the PSE with a password and creates credentials for the server so that it can access the PSE at run-time.

If you are using individual PSEs, then the next step is to exchange the servers’ public-key certificates. Otherwise, export the SNC PSE to the file system.
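
The two Distinguished Name rules from the prerequisites and step 3 (match with snc/identity/as, uniqueness across PSEs) can be verified before the PSE is created. The following Python check is an added example, not part of the SAP documentation or SAP software. It assumes that the dialog fields map to CN, OU, O and C, that the SNC name carries a name-type prefix such as p:, and it uses a constructed profile and SID (ABC); all function names are hypothetical.

```python
import re

# Constructed sample profile; the SID "ABC" and this file content are illustrative.
SAMPLE_PROFILE = """\
# instance profile (constructed)
snc/enable = 1
snc/identity/as = p:CN=ABC, OU=Test, O=MyCompany, C=US
"""

def profile_params(text):
    """Parse 'name = value' lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def rdns(dn, fold=False):
    """Split a DN into (TYPE, value) pairs. Assumes no escaped commas in values."""
    out = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        value = " ".join(value.split())
        out.append((attr.strip().upper(), value.lower() if fold else value))
    return tuple(out)

def dn_from_dialog(name, comp_org, country, org=None):
    """Assumed field mapping: Name=CN, Org. (opt.)=OU, Comp./Org.=O, Country=C."""
    parts = [f"CN={name}"] + ([f"OU={org}"] if org else [])
    return ", ".join(parts + [f"O={comp_org}", f"C={country}"])

def check_snc_dn(profile_text, dialog_dn, other_pse_dns):
    """Return a list of findings; an empty list means both DN rules hold."""
    findings = []
    snc_name = profile_params(profile_text).get("snc/identity/as")
    if snc_name is None:
        findings.append("snc/identity/as is not set; maintain the profile parameter")
    else:
        dn_part = re.sub(r"^[A-Za-z]:", "", snc_name)  # drop name-type prefix, e.g. "p:"
        if rdns(dn_part) != rdns(dialog_dn):  # values compared case-sensitively
            findings.append(f"DN differs from snc/identity/as ({dn_part})")
    for pse, dn in other_pse_dns.items():
        # Case-folded so that a DN differing only in case still counts as reused.
        if rdns(dn, fold=True) == rdns(dialog_dn, fold=True):
            findings.append(f"DN is already used in the {pse}")
    return findings

if __name__ == "__main__":
    dn = dn_from_dialog("ABC", "MyCompany", "US", org="Test")
    print(dn, check_snc_dn(SAMPLE_PROFILE, dn, {"system PSE": "CN=ABC-SYS, O=MyCompany, C=US"}))
```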