0% found this document useful (0 votes)
364 views4 pages

Sap Router Certificate Renewal Process: Sapgenpse Get - My - Name - N Validity

The document outlines the process to renew an expired SAP router certificate. The steps include: 1. Stopping the SAP router service and backing up its folder. 2. Deleting old certificate files and generating a new certificate request. 3. Submitting the request on the SAP marketplace to obtain a new certificate. 4. Importing the new certificate and generating new credential files. 5. Validating the new certificate and granting the SAP router user permission. 6. Restarting the SAP router service.

Uploaded by

xil3573hoho
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
364 views4 pages

Sap Router Certificate Renewal Process: Sapgenpse Get - My - Name - N Validity

The document outlines the process to renew an expired SAP router certificate. The steps include: 1. Stopping the SAP router service and backing up its folder. 2. Deleting old certificate files and generating a new certificate request. 3. Submitting the request on the SAP marketplace to obtain a new certificate. 4. Importing the new certificate and generating new credential files. 5. Validating the new certificate and granting the SAP router user permission. 6. Restarting the SAP router service.

Uploaded by

xil3573hoho
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 4

Sap Router Certificate Renewal Process

 In the following document SAP Router was installed in C:\SAProuter\SAProuter

This is the process to check for the validity of the saprouter certificate and re-apply this.

 From command prompt, give this command:


sapgenpse get_my_name -n validity

This will show the validity. Please see screenshot highlighted. It is showing validity
expired on Jun 17, 2011.

When the validity is showing as expired, proceed as follows:

 Stop the Saprouter from the services panel.


 Make a backup of the folder: C:\SAProuter\SAProuter.This folder contains the
saprouter files and might be needed for a restore if any issues
 Then check the following environment variables as shown below:
SECUDIR
SNC_LIB
 Delete these 4 files in C:\SAProuter\SAProuter ( Ensure that you have taken
the backup in the previous steps )

certreq
cred_V2
localpse
srcert

 The distinguish name is available from the command:


sapgenspe get_my_name

The distinguish name in this case is the entire details following Subject.

 Generate the certificate request using the following command


sapgenpse get_pse –v –r certreq –p local.pse "your distinguish name"

It will ask for entering the PIN. Enter any 4 digit number. Please remember and save the
same. This pin will be needed for access to the PSE.

Once the request is created, it creates the file certreq under location:
C:\SAProuter\SAProuter

 Then Login to service marketplace under:


http://www.service.sap.com/saprouter-sncadd a Apply Certificate

This opens the form below.


Select Continue

 Paste the contents of the certreq file generated above as below, and then “Request
Certificate”. See below

 Copy the details of the new certificate generated and then paste it in a new file srcert
in the location C:\SAProuter\SAProuter.

 Then import the new certificate using:


C:\SAProuter\SAProuter>sapgenpse import_own_cert –c
“C:\SAProuter\SAProuter\srcert” –p local.pse
Please enter PIN:

CA-Response successfully imported into PSE "C:\SAPRouter\SAProuter\local.pse"

 Then run this command to generate the file cred_V2 in the saprouter directory.

sapgenpse seclogin –p local.pse

 Check if the certificate has been loaded correctly by using the following command

sapgenpse get_my_name –v –n Issuer

C:\SAProuter\SAProuter>sapgenpse get_my_name -v -n Issuer


SSO for USER "SAPRouter.1"
with PSE file "C:\SAPRouter\SAProuter\local.pse"

Subject : CN=mobilise, OU=0000912221, OU=SAProuter, O=SAP, C=DE


Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
Serialno: BD:43:BA:2D:74:72:35:B0:10:01:02:22:A7
KeyInfo : RSA, 1024-bit
Validity - NotBefore: Mon Jun 20 11:58:38 2011 (110620015838Z)
NotAfter: Wed Jun 20 11:58:38 2012 (120620015838Z)

This shows that the certificate has been renewed.

 The saprouter owner here is the user svc-saprouter and we need to give the saprouter
permission to this user:

C:\SAProuter\SAProuter>sapgenpse seclogin -p local.pse -O svc-saprouter


running seclogin with USER="SAPRouter.1"
creating credentials for user "NMLCLAP03\svc-saprouter"...
Please enter PIN:
Adjusting credentials and PSE ACLs to include "NMLCLAP03\svc-saprouter".
C:\SAPRouter\SAProuter\cred_v2 ... ok.
C:\SAPRouter\SAProuter\local.pse ... ok.
C:\SAPRouter\SAProuter\local.pse ... ok.
Added SSO-credentials for PSE "C:\SAPRouter\SAProuter\local.pse"
"CN=mobilise, OU=0000912221, OU=SAProuter, O=SAP, C=DE"

Once it is done, we need to restart the saprouter. And the RFC connection SAP-OSS worked.

You might also like