Generating and Installing a PSE Certificate on Unwired Server

Generate a PSE certificate on Unwired Server to use in testing connections with SAP Systems when using the SAP Cryptographic Library to secure the connection using Secure Network Communications (SNC).

Prerequisites
Download and install the SAP Cryptographic Library.
Task

These instructions describe how to generate an X.509 certificate for testing SAP JCo and single sign-on with SNC only. In a production environment, a different entity controls certificate management. For example, an SAP system administrator controls certificate generation and management for his or her particular environment, including maintaining the certificate list in a Personal Security Environment (PSE) with trust manager.

Note: When the CertificateAuthenticationLoginModule gets a certificate from a client, it can optionally validate that it is a trusted certificate. The easiest way to support validation is to import the CA certificate into the <UnwiredPlatform_InstallDir>/Servers/UnwiredServer/Repository/Security/truststore.jks file, which is the default Unwired Server truststore.

Use the SAPGENPSE utility to create a PSE certificate to use for testing. See http://help.sap.com/saphelp_nw04s/helpdata/en/a6/f19a3dc0d82453e10000000a114084/content.htm. The basic steps are:

  1. Generate the certificate from the SAP Cryptographic Library directory. For example, C:\sapcryptolib:
    sapgenpse get_pse <additional_options> -p <PSE_Name> -r <cert_req_file_name> -x <PIN> <Distinguished_Name>
  2. Copy the PSE certificate (for example, SNCTEST.pse) to the location of your installed SAP Cryptographic Library. For example, C:\sapcryptolib.
  3. Generate a credential file (cred_v2) from the C:\sapcryptolib directory:
    sapgenpse seclogin -p SNCTEST.pse -O DOMAIN\your_name_here -x password
    Note: The user generating the certificate must have the same user name as the process (mlserv32.dll or eclipse.exe) under which the Unwired Platform service runs.
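
The steps above run as one PowerShell session, with the account check from the note done first. This is an added example, not part of the original documentation. It assumes sapgenpse.exe sits in C:\sapcryptolib and that the SECUDIR environment variable is used to point the tool at that directory; the request file name and Distinguished Name are constructed placeholders.

```powershell
# Added example. All values below are placeholders for a test setup.
$CryptoDir   = 'C:\sapcryptolib'                  # directory used in the steps above
$PseName     = 'SNCTEST.pse'                      # PSE name used in the steps above
$ReqFile     = 'SNCTEST.p10'                      # assumed certificate request file name
$Dn          = 'CN=SNCTEST, OU=Test, O=Example, C=US'  # constructed Distinguished Name
$ServiceUser = 'DOMAIN\your_name_here'            # account the Unwired Platform service runs as

# The note above: the generating user must match the service account.
# -ne is case-insensitive, which matches how Windows treats account names.
$current = "$env:USERDOMAIN\$env:USERNAME"
if ($current -ne $ServiceUser) {
    throw "Run this as $ServiceUser (currently $current)."
}

# sapgenpse reads and writes the PSE and cred_v2 in the directory named by SECUDIR.
$env:SECUDIR = $CryptoDir
Set-Location $CryptoDir

# Prompt for the PIN so it is not stored in the script file.
$secure = Read-Host 'PSE PIN' -AsSecureString
$pin = [System.Net.NetworkCredential]::new('', $secure).Password

# Step 1: create the PSE and the certificate request.
& .\sapgenpse.exe get_pse -p $PseName -r $ReqFile -x $pin $Dn
if ($LASTEXITCODE -ne 0) { throw 'sapgenpse get_pse failed' }

# Step 2 is a no-op here: the PSE was created in $CryptoDir already.
if (-not (Test-Path (Join-Path $CryptoDir $PseName))) {
    throw "$PseName not found in $CryptoDir"
}

# Step 3: create the credential file (cred_v2) for the service account.
& .\sapgenpse.exe seclogin -p $PseName -O $ServiceUser -x $pin
if ($LASTEXITCODE -ne 0) { throw 'sapgenpse seclogin failed' }

# List the stored credentials to confirm the entry for $ServiceUser exists.
& .\sapgenpse.exe seclogin -l

# Drop the plaintext PIN from the session.
Remove-Variable pin, secure
```

The PSE and cred_v2 files let the service account open the key without a PIN, so restrict file permissions on C:\sapcryptolib to that account and administrators.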