
Exchanging Public-Key Certificates

Use

To be able to communicate using SNC, the AS ABAP must be able to identify the AS Java and vice versa. This identification process takes place using the information stored in the server’s PSE. Therefore, to make sure that the two servers can identify each other, you can either use a single PSE for both servers, or you can create individual ones.

If you use a single PSE for both servers, then both servers possess the same Distinguished Name and key pair and therefore share the same identity. You do not need to perform any additional steps.

However, if you use individual PSEs, you must exchange the servers’ public-key certificates so that they can identify each other. See the procedure below.

Prerequisites

·        The environment variable SECUDIR is set on both servers.

·        The application server also possesses a PSE to use for SNC.

Procedure


       1.      Export the AS Java’s public-key certificate using the configuration tool’s command export_own_cert.

Syntax

sapgenpse export_own_cert -o <output_file> -p <PSE_Name> -x <PIN>

       2.      Import the AS Java’s public-key certificate into the AS ABAP’s SNC PSE.

If the AS ABAP is Release 6.20 or higher, then you can use the trust manager (transaction STRUST) to import the certificate. Otherwise, use the configuration tool’s command maintain_pk.

Syntax

sapgenpse maintain_pk -a <cert_file> -p <PSE_Name> -x <PIN>

       3.      Export the AS ABAP’s public-key certificate.

If the AS ABAP Release is 6.20 or higher, then you can use the trust manager. Otherwise, use the configuration tool’s command export_own_cert.

       4.      Import the AS ABAP’s public-key certificate into the AS Java’s SNC PSE using the configuration tool’s command maintain_pk.

For more information, see:

·        Exporting the Server’s Certificate Using SAPGENPSE  

·        Maintaining the Server’s Certificate List Using SAPGENPSE  

·        Using the Trust Manager  

Result

The two servers can identify each other using SNC.

Example

Exporting the AS Java’s public-key certificate.

On the AS Java, enter the following command line to export its public-key certificate:

sapgenpse export_own_cert -o SAPNW_AS_Java.crt -p SAPNW_AS_Java.pse -x asjavapin

 

Importing the AS Java’s public-key certificate into the AS ABAP’s SNC PSE.

On the application server, enter the following command line to import this certificate into the application server’s SNC PSE:

sapgenpse maintain_pk -a SAPNW_AS_Java.crt -p SAPSNC.pse -x sappin

 

Export the application server’s public-key certificate.

On the AS ABAP, enter the following command line to export its public-key certificate:

sapgenpse export_own_cert -o SAPSNC.crt -p SAPSNC.pse -x sappin

 

Import the AS ABAP’s public-key certificate into the AS Java’s SNC PSE.

On the AS Java, enter the following command line to import this certificate into the AS Java’s SNC PSE:

sapgenpse maintain_pk -a SAPSNC.crt -p SAPNW_AS_Java.pse -x asjavapin

 

 
