Wednesday, 19 November 2014

[TOPIC - SAP] - Preserve PSEs during system copy/refresh in ABAP systems


Many of you might know this already, just wanted to share in case any of you doesn’t know this. During refresh of ABAP system, we do have to delete and recreate all strust certificates (system, ssl, nfe, snc etc) as part of post refresh steps. Here is a small tip for that; we can take backup of all folders in Strust. Below is the procedure for the same.

 
NOTE: Please read the full description of the procedure before executing.

Export a PSE from STRUST

  1. Select the PSE to be exported by double-clicking
    Attention when working on the PSE "SSL server Standard": this PSE typically is a collective PSE, consisting of the default SSL Server PSE (selected when doubleclicking the SSL Server PSE node in the navigation tree on the left hand side) and the application server specific PSEs (selected when doubleclicking the application server entries visible when opening the SSL Server PSE node)
  2. Verify, that the PSE to be exported is displayed on the right hand side of transaction STRUST
  3. Execute the menu item "PSE --> Save as..."
  4. From the appearing popup, select the entry "File (Export PSE)"
  5. Select a distinctive file name to save your PSE file on your local workstation (PC)(*)
  6. Press the green tick mark button (Input) or the "Enter" key

Import a simple PSE into STRUST

Keep in mind, that the PSEs you overwrite need to be backed up first if you plan to reuse them!

  1. Doubleclick the icon "File" from the navigation tree on the left hand side of transaction STRUST (**)
  2. Select the PSE file to be imported from your local workstation (PC) and open it (*)
  3. Verify, that the PSE to be imported is displayed on the right hand side of transaction STRUST
  4. Execute the menu item "PSE --> Save as..."
  5. From the appearing popup, select the entry representing the PSE type that you want to replace in your system:
    For SSL Client PSEs, select the actual client identity to be replaced.
    For WSS PSEs, select the actual PSE to be replaced. (not available in all releases)
    For SSF application PSEs, select the actual SSF application to be replaced.
    For SSL Server identities different from 'DFAULT', select the respective server identity. (not available in all releases)
    The procedure for the PSE "SSL server Standard" (DFAULT) is described below
  6. Press the green tick mark button (Input) or the "Enter" key
  7. Save the PSE by clicking the "Save" button (diskette symbol)

Import the PSE "SSL Server Standard" into STRUST

Keep in mind, that the PSEs you overwrite need to be backed up first if you plan to reuse them!
The PSE "SSL server Standard" typically consists of multiple simple PSEs, which in the following are referred to as 'SSL Server PSE'.

The full import procedure consists of three parts, which are shown seperately for improved readability.

Preparation 1: Investigate the PSEs' SubjectNames

  1. Make sure, that you have available all SSL Server PSEs that you want to import
  2. Open notepad or another editor of your choice
  3. Repeat the following steps (4..8) for each SSL Server PSE to be imported:
  4. Doubleclick the icon "File" from the navigation tree on the left hand side of transaction STRUST
  5. Select the PSE file to be imported from your workstation (PC) and open it (*)
  6. From the right hand side, copy the Distinguished Name (DN) of the PSE's own certificate
  7. Paste the DN into your open notepad, using new lines for the DN of each SSL Server PSE
  8. Keep track, which DN refers to which PSE (default, application server specific)

Preparation 2: Create a "dummy" PSE with the required SubjectNames

Attention - during these steps, an existing "SSL Server PSE" will be replaced.

  1. Click the node "SSL server Standard" with the right mouse button
  2. Select "Replace" and confirm that you want to replace the current PSE with a new one
  3. In the popup appearing, click the "pen" button (Revise DN)
  4. Replace the proposed DN with the DN of the default SSL Server PSE (from the notepad)
    If you have no default SSL Server PSE to import, the system proposed DN will be OK.
  5. Press the green tick mark button (Input) or the "Enter" key
  6. In the second popup, replace the DNs of the application server specific PSEs with the respective DNs from your notepad.
  7. Assure, that you enter the correct DN to the respective application server.
  8. Press the green tick mark button (Input) or the "Enter" key

Processing: The actual import

  1. Repeat the following steps (2..7) for each SSL Server PSE to be imported:
  2. Doubleclick the icon "File" from the navigation tree on the left hand side of transaction STRUST (**)
  3. Select the PSE file to be imported from your workstation (PC) and open it (*)
  4. Execute the menu item "PSE --> Save as..."
  5. From the appearing popup, select the entry "SSL Server PSE" (DFAULT)
  6. Press the green tick mark button (Input) or the "Enter" key
  7. Confirm, that you want to replace the PSE of the same DN
  8. Save the PSE by clicking the "Save" button (diskette symbol)

Remarks:

(*) Export and Import for the time being is only available to/from your client workstation (PC).

(**) At this step, don't use the menu item "PSE --> Import" for opening the PSE to be imported. This would lead to importing the wrong PSE in the following steps.
Posted by at 6:38 pm

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Share

Widgets