WRITTEN BY: supportmymoto.com STAFF
For some particular eventualities, the official product documentation explicitly asks for a PSE to be created utilizing the ‘sapgenpse’ command-line software. This isn’t a standard process since most SAP methods already present a devoted program/transaction/wizard to create and keep PSE information (e.g. transaction STRUST for NetWeaver ABAP), due to this fact solely use this process when you’re explicitly knowledgeable.
- CommonCryptoLib >= 8.5.x ** The newest model from the library might be downloaded from the SAP Software program Obtain Middle.
- Let’s verify the documentation for sapgenpse from the command-line. You possibly can run ‘sapgenpse -h‘ to get the final sapgenpse documentation. As you’ll be able to see under all accessible features and a quick description shall be displayed:
- ‘gen_pse’ is the operate that generates a brand new PSE file. First let’s verify it’s documentation to substantiate easy methods to correctly use it:
As we will see the documentation is detailed, and incorporates a number of examples of easy methods to execute the command.
- Producing a PSE file will differ for every situation, due to this fact bear in mind that the instance offered under will not be appropriate to your particular situation:
$ sapgenpse gen_pse -p <PSE file identify> -a <key kind, power and signature algorithm> -x <PSE password> “DN”
For some eventualities signing the PSE certificates with a sound CA shall be required, the steps under will element easy methods to generate the certificates request after which import the CA response utilizing sapgenpse:
- Producing the certificates request utilizing sapgenpse:
$ sapgenpse gen_pse -p <PSE file identify> -onlyreq -x <PSE password>
The certificates request might be copied from the output and despatched to the CA for signing.
- ‘import_own_cert’ is the sapgenpse operate that have to be used to import the CA response within the PSE.
a. First let’s verify how the operate must be used:
$ sapgenpse import_own_cert -h
b. When importing the CA signed certificates response within the PSE, make it possible for all the certificates chain can be being offered utilizing the ‘-r’ choice:
$ sapgenpse import_own_cert -p <PSE file> -x <PSE password> -c <CA response file> -r <extra certificates file 1 (it may be used a number of instances)>
Exporting the PSE certificates might be required for some eventualities, the next command will export the certificates.
- Operate ‘export_own_cert’ must be used. Let’s verify it’s documentation:
$ sapgenpse export_own_cert -h
- As described within the operate documentation which can be a number of choices to export the PSE certificates, and relying on the particular necessities you must select the proper choice, that can in all probability be described within the official documentation.