Application Help
Purpose
During the start of an application server, the PSE files for an ABAP
system are read from the database and distributed to the file system of
the server. These files contain sensitive information - in particular,
the private key. To protect this information, you can activate local
protected storage (LPS) when storing it in the file system.
If available, LPS is provided using system-dependent methods.
On the MS Windows platform, the Data Protection API (DPAPI) is used for
this purpose. In this case, a PSE file can be accessed only on the host
where the protection applies.
Fallback protection is used on all other platforms. This method uses a
key from CommonCryptoLib. In this case, a PSE file can also be accessed
on other hosts and not just on the host where the protection applies.
Using This Screen
On this screen, you can set the protection level for the PSE files. The
default setting applies for each system. The upper part of the screen
displays the current setting for the system. The lower part of the
screen is a detailed view for each application server. You can expand the
view for each application server to display the information about the
PSE files for that application server.
If you want to set the maximum possible protection for your system,
perform the following steps:
1. Switch to change mode by choosing "Display <-> Change (Ctrl+F1)".
2. In the listbox for "PSE Mode" in the "System" area at the top of the
   screen, select the value "Protected".
3. Choose "Activate PSE Mode (Ctrl+F7)".
A message appears in the status line giving you information about how
many files now have which status (protected/unprotected), and in how
many files errors occurred.
The files with errors are indicated in the list by red icons. If you
double-click the file, a message appears describing the problem with the
file.
To check the mode of the PSE files, use the context menu for a server or
a file. Alternatively, you can check all files. To do this, choose the
"Check All Servers" button in the toolbar. As a result of the check of
all servers, the system displays how many files are currently
unencrypted, and how many are protected with LPS and were therefore
stored securely. You can perform the check in display mode.
The detailed display for each PSE file shows a green traffic light if
the target status and the current status for the file match. If the
target mode and the current mode are different, a warning icon is
displayed. If another error has occurred, for example, if there is an
error in the test signature, a red icon is displayed. The fields for the
PSE mode are also empty in this case, since it is not possible to
determine the PSE mode.
If you double-click the line, the error message appears in the status
line. Clicking the message in the status line displays the long text of
the message.
To configure the protection level, use the "toggle" button (Ctrl+F1) to
switch to change mode.
If you want to set a PSE mode that is different from the system-wide PSE
mode for particular application servers, or even for individual files,
you can do this by choosing the "Change PSE Mode" button, or the entry
with the same name in the context menu for the relevant line. A dialog
box appears, in which you can select and confirm the new mode. An icon
that indicates the existence of this exception now appears in the
table.
To change an exception of this type, follow the same procedure. To
delete an exception, use the context menu (choose "PSE Mode: Reset to
Default") or navigate to the underlying maintenance view. To open the
maintenance view, choose PSE -> File Mode in the menu. In this view, do not delete the
entry that applies system-wide (Application Server = '*', Instance =
'*', Name of PSE File = '*'). If an entry of this type no longer exists,
the system generates a new entry the next time a PSE file is accessed.
You can delete all other entries here. When you return from the
maintenance view, you might need to refresh the display by choosing
"Check All Servers" (or by performing individual checks).
Error message extract from SAP system. Copyright SAP SE.