cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Query About PSE

Go to solution
Former Member

on ‎02-19-2016 9:53 AM

0 Kudos

Hello Gurus,

Can anyone please explain what are the places where exactly a system pse will be used?

For example, if someone wants to login into the SAP server from a Enterprise portal , it is needed?

Can anyone please let me know what are the other places in common where a system pse is used?

and can you tell me a real time scenario where a SSL client anonymous is used? I know if the SAP system does not wants to reveal its identity , Can you give an example of that?

Thanks,

Sowmya

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member185239
Active Contributor
‎02-19-2016 10:57 AM
0 Kudos

Hi Soumya,

If there is a external system , which is accessing the ABAP system/portal system , then you need the SSL configuration to access the system for security system. Then you have to configure the SAPSSLS.pse (SSL Server PSE) because here ABAP system will act as SSL server.

Where SSL client anonymous is used?

The AS ABAP uses the anonymous SSL client PSE when accessing other Web servers using the SSL protocol. Note that the server does not use the information contained in this PSE for its own authentication; it only uses the PSE's information to authenticate the Web server that it is accessing. Therefore, you do not need to have the corresponding public-key certificate signed by a CA and the steps for generating and importing a certificate request are not necessary.

Real Time Example :

UK payroll uses HMRC services for tax. HMRC is a web server which accepted the SSL request.

In this case , We download the required certificate from the web server and imported it into SSL Client anonymous SAPSSLA.pse.

After we have imported the certificate , We have make the RFC aware to use the SSL Client anonymous to get connected with HMRC Web Service.

With Regards

Ashutosh Chaturvedi

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎02-19-2016 11:56 AM
0 Kudos

Hello Ashutosh and Isaias ,

Thanks for your reply.

In my thread , I also asked about system pse . the pse which get created during our system installation. Which we usually import into Enterprise portal for SSO . In what situations we will use system pse ( not SSL pses) ? Can you give some other real life situations for that?

Thanks,

Sowmya

Show replies
Show replies
Former Member
‎02-19-2016 12:43 PM
0 Kudos

Hi Sowmya,

Please go through below link.

System PSE - System Security - SAP Library

Regards,

Prithviraj.

Former Member
‎02-19-2016 12:45 PM
0 Kudos

Also this...

At start-up, each SAP System is supplied with a public-key pair, which includes a public-key certificate, that is stored in its own system Personal Security Environment (PSE). The SAP System can therefore produce its own digital signatures using the public-key information contained in its system PSE. Other systems can then verify the system's digital signature, which guarantees the integrity and authenticity of a document that has been digitally signed by the system.

For example, user authentication on the AS ABAP can occur using logon tickets. In this case, the AS ABAP digitally signs the user's logon ticket after successful authentication. Instead of re-authenticating the user with user ID and password, other systems that the user accesses can allow the user access after verifying the digital signature of the AS ABAP provided with the logon ticket of the user.

Regards,

Prithviraj.

former_member185239
Active Contributor
‎02-19-2016 12:50 PM
0 Kudos

Hi Soumya,

System pse is used for SSO part between the systems.

With Regards

Ashutosh Chaturvedi

isaias_freitas
Advisor
Advisor
‎02-19-2016 11:31 AM
0 Kudos

Hello Sowmya,

A pse file is essentially a certificate store used in ABAP/Java systems.

Usually, the pse files are stored under the "sec" subfolder of the SAP server folder structure (e.g., /usr/sap/<SID>/<instance>/sec).

You would have 3 pse files:

  • one for the server role (when SAP is the HTTPS server; default file name: SAPSSLS.pse);
  • one for the client role (when SAP is the HTTPS client, connecting to an HTTPS server; default file name: SAPSSLC.pse);
  • one for the anonymous client role (see Ashutosh's reply to this thread; default file name: SAPSSLA.pse).

So, the pse files are used at / by SAP systems, nowhere else.

They are needed only if you have enabled SSL (HTTPS) at the SAP system, and part of the SSL configuration would be to create / manage the pse files.

You can read the SAP note 510007 as well.

Regards,

Isaías

Show replies
Show replies
Ask a Question