Export and Import of ApplicationCertificate
Use
To join the security information you export thecertificate of the application and import it into TREX keystore.
Prerequisites
●The SAPCryptographic Library is installed on the application server.
●The SECUDIRenvironment variable is set to the location where the PSE keystore isstored.
●The SNC PSE existson the application server.
Export ApplicationCertificate
For the export ofthe application certificate, you use the trust manager (transactionSTRUST):
...
1.Start thetransaction STRUST.
2.Choose SNC(SAPCryptolib) and selectthe keystore.
Informationabout the keystore appears in the Maintenancesection.
3.Double-click theapplication certificate that is displayed in OwnCertificate.
Informationabout the certificate appears in the section Certificate.
4.In the Certificatesection, chooseExportcertificate.
The export dialogappears.
5.Save thecertificate to the destination (for example, to a local file SAPSNCS.r3.crtin the TREX SECUDIR directory. Now the certificate of the applicationis located on the file system.
MoreInformation
●Using the SAPCryptographic Library for SNC
●Importing Public KeyCertificates into SAP Web AS
Import Application Certificate intoTREX Key Store
On TREX side youimport the application certificate from the file where you stored it into theTREX SAPSNCS.pse keystore using the following command:
sapgenpse maintain_pk -a SAPSNCS.r3.crt –pSAPSNCS.pse
Overview ofCommands for SAPGENPSE
Command | Function |
sapgenpse | Starts theSAPGENPSE cryptography tool. |
maintain_pk | Function ofSAPGENPSE that imports the certificate to the keystore. |
-a<EXPORTED_FILENAME>.r3.crt | Enter the file nameof the certificate of the application to be imported. <EXPORTED_FILENAME>.r3.crtis a placeholder for theexported certificate. |
- p SAPSNCS.pse | You specify thefile name of the keystore that is to contain the certificate here. |
Result
The applicationcertificate is imported into the TREX keystore.