Вы находитесь на странице: 1из 4

SAP ROUTER

Go to the Trust Center Service - Download Area and get the "Distinguished Name" for your SAProuter from the list of SAP routers registered for your installation. 1.As user <snc>adm set the environment System variables SECUDIR = <directory_of_saprouter> --

SECUDIR = C:\USR\SAP\SAPROUTER SNC_LIB = C:\USR\SAP\SAPROUTER\SAPCRYPTO.DLL 2. Alternatively use the two commands: sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>" eg--> sapgenpse get_pse -v -noreq -p local.pse "CN=HOSTNAME, OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE" sapgenpse get_pse -v -onlyreq -r certreq -p local.pse 3. Display the output file "certreq" and with copy & paste insert the certificate request into the text area of the same form on service.sap.com/TCS from which you copied the Distinguished Name

4. In response you will receive the certificate signed by the CA in the Service Marketplace, copy & paste the text to a local file named srcert

5. With this in turn you can install the certificate in your saprouter by calling sapgenpse import_own_cert -c srcert -p local.pse

6. now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user>, the credentials are created for the logged in user account) sapgenpse seclogin -p local.pse

7. This will create a file called cred_v2 in the same directory.

8. Check if the certificate has been imported correctly sapgenpse get_my_name -v -n Issuer

The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands

Few additional commands sapgenpse get_my_name -v -n validity (for checking validity of SAProuter) saprouter -r -V3 -T log (for detailed error log)

SAMPLE OF SAPROUTETAB FILE

*****************---**************
# SNC-connection from and to SAP KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 * # SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.122 3200 # SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" prdsrvr 1503 # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" prdsrvr 23

# SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.121 3200 # SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" d-server 1503 # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" devsrvr 23

# SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.127 3200 # SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" tstsrvr 1503 # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" tstsrvr 23

# Access from the local Network to SAPNet - R/3 Frontend (OSS) P * 194.39.131.34 3299 # deny all other connections D*** *************************EOF*****************************

sap router license


sap router license 1. Go to /usr/sap/saprouter execute following command : sapgenpse get_pse -v -r certreq -p local.pse "CN=SAProuter, OU=0000178802, OU=SAProuter, O=SAP, C=DE" ==> we will get new file named certreq 2. Go To https://service.sap.com/saprouter-sncadd ==> choose apply now ==> choose saprouter ==> copy and paste certreq into the text area ==> we will get new certicate 3. create new file srcert on /usr/sap/saprouter then copy & paste the new certificate 4. Go to /usr/sap/saprouter execute following command : sapgenpse import_own_cert -c srcert -p local.pse sapgenpse seclogin -p local.pse -O exdadm sapgenpse get_my_name -v -n Issuer

Here are the other steps to renew SAP Router license : 1) make a new folder in your saprouter directory like <drive>:usrsapsaprouterbackup Cut/Paste certreq, cred_v2, getcert.cer, local.pse, srcert in backup directory 2) Run the below command to generate new certificate request D:usrsapsaprouter>sapgenpse get_pse -v -r certreq1 -p local.pse it will ask for certain parameters you can get your Distinguished name from http://service.sap.com/saproutersncadd 3) After This Open http://service.sap.com/saprouter-sncadd site

4) Logon using your service.sap.com ID and Password Press Apply now-->Press Continue 5) Open the file: <drive>:usrsapsaproutercertreq1 with notepad Copy text from this file and paste the text to the request certificate page Press the Request Certificate 6) Select the generated certificate text and copy and make a text file srcert.txt in D:usrsapsaprouter directory Rename the srcert.txt to srcert only 7) Install the certificate in our saprouter by running <drive>:usrsapsaprouter>sapgenpse.exe import_own_cert -c srcert -p local.pse 8) Now we have to create the credentials for the SAProuter with command <drive>:usrsapsaprouter>sapgenpse seclogin -p local.pse -O <saprouter user> This will create a file called cred_v2 in the same directory. Check if the certificate has been imported correctly <drive>:usrsapsaprouter>Sapgenpse get_my_name -v -n Issuer That's all Done!