Maintaining PSEs and Managing Certificates
Functions are available for maintaining either PSE information or managing certificates. See the tables below.
All changes only apply after saving the data.
Maintaining PSEs
To maintain a specific PSE, select the PSE with a double-click. The PSE information is then displayed in the PSE maintenance section (upper right). The following functions are available:
PSE Information
Function |
Choose |
What you should know |
Generate a certificate request |
Generate certificate request Menu: |
This function generates a public and private key pair and certificate request. Either save the request to a file or use Copy&Paste to send to certificate request to the CA to be signed. |
Import the certificate request response |
Import certificate request response Menu: |
After receiving the certificate request response from the CA, use this function to import the response (the signed certificate) into the selected PSE. A certificate request and corresponding response belong to a specific key pair and PSE. You can therefore only import the response into the PSE for which the request was generated. For example, if you generate a new PSE after you have already sent a certificate request to the SAP CA, then the response you receive is invalid and cannot be imported into the server's new PSE. The certificate request response must also exist in the correct format, PKCS#7 certificate chain, which contains both the requester's and the issuing CA's certificates. However, if the response contains only the requester's certificate in PEM (Privacy Enhanced Mail) format and no CA certificate, then the system builds the correct format. In this case, the issuing CA's root certificate must exist in the certificate store. For more information, see Maintaining Certificates in the Database.The new certificate does not automatically appear in the certificate section. However, the text (self-signed) should disappear in the PSE maintenance section. To view the certificate, select the certificate in the Own cert. field with a double-click. The certificate then appears in the certificate section. |
Generate a verification PSE |
Generate verification PSE Menu: |
This function generates a verification PSE for the selected PSE that contains the PSE's own certificate and the certificates you select from the certificate list. You can then distribute and use this verification PSE to verify the digital signatures created by the corresponding certificate owners. |
Delete a certificate from the PSE's certificate list |
Delete selected certificate Menu: |
For more information about maintaining a PSE's certificate list, see Maintaining the Certificate List. |
Assign a password to the PSE |
Assign password |
In this case, you can only maintain the PSE with the trust manager after providing the PSE's password. In addition, the system uses this password to create encrypted credentials for the server. If you forget the password, you can no longer maintain the PSE using the trust manager. |
Save the data after performing any of the above functions.
Managing Certificates
The following functions for certificate management are available:
Certificate Information
Function |
Choose |
What you should know |
Export the selected certificate |
Export certificate Menu: à Certificate à Export |
You can export it to any of the following:
Note the following:
|
Import a certificate |
Import certificate Menu: à Certificate à Import |
This function imports a certificate from either a file, an LDAP directory, the system's certificate store, or from another SAP System. |
Add a certificate to the PSE's certificate list |
Add to certificate list Menu: à Edit à Add certificate |
For more information about maintaining a PSE's certificate list, see Maintaining the Certificate List. |
Select the SAP CA's certificate |
Menu: à Certificate à SAP Workplace CA (DSA) |
This function selects the SAP CA's certificate, for which you can then perform other functions. For example, you can export it to a file or add it to a PSE's certificate list. |
Maintain the system's certificate store directly |
Menu: à Certificate à Certificate Store |
With this function, you can directly maintain the system's certificate store, which contains CA root certificates. The maintenance functions available include removing certificates from the store and activating or deactivating a CA certificate to use for building certificate request responses. For more information, see Maintaining the Certificate Store. |
Save the data after performing any of the above functions.