Start of Content Area

Procedure documentation Maintaining PSEs and Managing Certificates  Locate the document in its SAP Library structure

Functions are available for maintaining either PSE information or managing certificates. See the tables below.

Caution

All changes only apply after saving the data.

Maintaining PSEs

To maintain a specific PSE, select the PSE with a double-click. The PSE information is then displayed in the PSE maintenance section (upper right). The following functions are available:

PSE Information

Function

Choose

What you should know

Generate a certificate request

This graphic is explained in the accompanying text Generate certificate request

Menu:
à PSE à Generate certificate request

This function generates a public and private key pair and certificate request. Either save the request to a file or use Copy&Paste to send to certificate request to the CA to be signed.

Import the certificate request response

This graphic is explained in the accompanying text Import certificate request response

Menu:
à PSE à Import certificate request response

After receiving the certificate request response from the CA, use this function to import the response (the signed certificate) into the selected PSE.

Caution

A certificate request and corresponding response belong to a specific key pair and PSE. You can therefore only import the response into the PSE for which the request was generated.

For example, if you generate a new PSE after you have already sent a certificate request to the SAP CA, then the response you receive is invalid and cannot be imported into the server's new PSE.

Caution

The certificate request response must also exist in the correct format, PKCS#7 certificate chain, which contains both the requester's and the issuing CA's certificates. However, if the response contains only the requester's certificate in PEM (Privacy Enhanced Mail) format and no CA certificate, then the system builds the correct format. In this case, the issuing CA's root certificate must exist in the certificate store. For more information, see Maintaining Certificates in the Database.

Note

The new certificate does not automatically appear in the certificate section. However, the text (self-signed) should disappear in the PSE maintenance section. To view the certificate, select the certificate in the Own cert. field with a double-click. The certificate then appears in the certificate section.

Generate a verification PSE

This graphic is explained in the accompanying text Generate verification PSE

Menu:
à PSE à Generate verification PSE

This function generates a verification PSE for the selected PSE that contains the PSE's own certificate and the certificates you select from the certificate list.

You can then distribute and use this verification PSE to verify the digital signatures created by the corresponding certificate owners.

Delete a certificate from the PSE's certificate list

This graphic is explained in the accompanying text Delete selected certificate

Menu:
à Edit à Delete certificate

For more information about maintaining a PSE's certificate list, see Maintaining the Certificate List.

Assign a password to the PSE

This graphic is explained in the accompanying text Assign password

In this case, you can only maintain the PSE with the trust manager after providing the PSE's password. In addition, the system uses this password to create encrypted credentials for the server.

Caution

If you forget the password, you can no longer maintain the PSE using the trust manager.

Save the data after performing any of the above functions.

Managing Certificates

The following functions for certificate management are available:

Certificate Information

Function

Choose

What you should know

Export the selected certificate

This graphic is explained in the accompanying text Export certificate

Menu:

à Certificate à Export

You can export it to any of the following:

  • A local file
  • A directory service
  • The local certificate store in the database

Note the following:

  • When saving the certificate as a file, you can select either binary or base 64 encoding. In most cases, select the binary format.
  • When saving to an LDAP directory, choose the LDAP server and enter the base entry for the CA certificate.

Import a certificate

This graphic is explained in the accompanying text Import certificate

Menu:

à Certificate à Import

This function imports a certificate from either a file, an LDAP directory, the system's certificate store, or from another SAP System.

Add a certificate to the PSE's certificate list

This graphic is explained in the accompanying text Add to certificate list

Menu:

à Edit à Add certificate

For more information about maintaining a PSE's certificate list, see Maintaining the Certificate List.

Select the SAP CA's certificate

Menu:

à Certificate à SAP Workplace CA (DSA)

This function selects the SAP CA's certificate, for which you can then perform other functions. For example, you can export it to a file or add it to a PSE's certificate list.

Maintain the system's certificate store directly

Menu:

à Certificate à Certificate Store

With this function, you can directly maintain the system's certificate store, which contains CA root certificates. The maintenance functions available include removing certificates from the store and activating or deactivating a CA certificate to use for building certificate request responses. For more information, see Maintaining the Certificate Store.

Save the data after performing any of the above functions.

 

End of Content Area