SAPGENPSE Usage for PSE Files

You can use the “sapgenpse” command line tool to manage all PSE (Personal Security Environment) file operations easily on all operating systems.

SAPGENPSE Usage for PSE Files

Creating a PSE for the Server Using SAPGENPSE

We can use the option get_pse" to generate the server’s PSE, which includes the public and private key pair and a public-key certificate.We can use this command with the options “noreq” or “onlyreq” 

Following command generates a PSE is the SECUDIR directory.

sapgenpse get_pse <additional_options> [-p <PSE_name>] [-r <cert_req_file_name>] [-x <PIN>] [DN]

SAPGENPSE Usage for PSE Files

Example ;

sapgenpse get_pse -p F:\usr\sap\TST\ DVEBMGS00\sec\TST.pse -noreq -x tstpin “CN=TST, OU=Test, O=Company, C=TR”

Get Certificate Request Using SAPGENPSE

We can use “gen_pse” option with “sapgenpse” command to generate certificate request file  for the related PSE file.

sapgenpse gen_pse <additional_options> [-p <PSE_name>] 

Example ;

sapgenpse gen_pse –p F:\usr\sap\TST\DVEBMGS00\SAPSSLS.pse “CN=servername.net, OU=IT, O=Company, SP=Besiktas, L=İstanbul, C=TR”

SAPGENPSE Usage for PSE Files

This option created a new PSE file and the certificate request response, if we don’t want to create a new PSE file and just want to create a certification response as a file then

we can use the “-onlyreq” switch with “-r” file location information like below ;

sapgenpse gen_pse -p F:\usr\sap\TST\DVEBMGS00\sec\SAPSSLS.pse -onlyreq -r F:\usr\sap\TST\DVEBMGS00\sec\sapsslpse.req

SAPGENPSE Usage for PSE Files

Checking a PSE file Details Using SAPGENPSE

We can use “get_my_name” option with “sapgenpse” command to get the details of the related PSE file.

sapgenpse get_my_name <additional_options> [-p <PSE_name>] 

Example ;

sapgenpse get_my_name -p F:\usr\sap\<SID>\DVEBMGS00\sec\SAPSSLS.pse

SAPGENPSE Usage for PSE Files

Creating the Server’s Credentials Using SAPGENPSE

We have to create server’s credentials “Cred_v2″ file under the SECUDIR with following command.

Example ;

sapgenpse seclogin -p F:\usr\sap\TST\DVEBMGS00\sec\TST.pse  -O SAPserviceTST

SAPGENPSE Usage for PSE Files

as a result, the credentials file “Cred_v2″ for the user provided with the -O option is created in the SECUDIR directory.

Exporting the Server’s Certificate Using SAPGENPSE

Use the tool’s option “export_own_cert” to export the server’s certificate

sapgenpse export_own_cert -o <output_file> -p <PSE_name> [-x <PIN>]

SAPGENPSE Usage for PSE Files

Example ;

sapgenpse export_own_cert -0 tst.cer -p F:\usr\sap\TST\DVEBMGS00\sec\TST.pse

SAPGENPSE Usage for PSE Files

Maintaning the Server’s Certificate List Using SAPGENPSE

Use the tool’s option “maintain_pk” to maintain the server’s certificate list.

sapgenpse maintain_pk [<additional options>] [-a <cert_file>] [-d <number>] -p <PSE_name> [-x <PIN>]

SAPGENPSE Usage for PSE Files

Example ;

sapgenpse maintain_pk –p F:\usr\sap\TST\DVEBMGS00\sec\TST.pse –a tst.cer

SAPGENPSE Usage for PSE Files

Listing the Existing Certificate List Using SAPGENPSE

Use the tool’s option “maintain_pk” with the “-l” switch to maintain the server’s certificate list.

sapgenpse maintain_pk -p <PSE_name> -l (1 / 2 ..)

Example ;

sapgenpse maintain_pk –p F:\usr\sap\TST\DVEBMGS00\SAPSSLS.pse –l 

sapgenpse maintain_pk –p F:\usr\sap\TST\DVEBMGS00\SAPSSLS.pse –l  1 

SAPGENPSE Usage for PSE Files

Deleting the Server’s Credentials Using SAPGENPSE

Use the following command line to delete the server’s credentials ;

sapgenpse seclogin [-d] [-p <PSE_name>]

SAPGENPSE Usage for PSE Files

Example ;

sapgenpse seclogin -d  -p F:\usr\sap\TST\DVEBMGS00\SAPSSLS.pse

SAPGENPSE Usage for PSE Files

Changing the PIN Using SAPGENPSE

Use the tool’s option “seclogin” to change the PIN that protects the server’s PSE.

sapgenpse seclogin [-chpin] [-p PSE_name>] [-x <PIN>] [-xn <new_PIN>]

SAPGENPSE Usage for PSE Files

Example ;

Old PIN –> 1

sapgenpse seclogin -p F:\usr\sap\TST\DVEBMGS00\sec\SAPSSLS.PSE -chpin -x 1 –xn

Wrong or Missing PIN for PSE

 

Leave a Reply


8 × two =

Blogroll