New Root Certification Authority for saprouter certificates ( SAP Router Certificate expirtation 18/07/2015 )
Few days back some of SCN members reported the issue related with expiration date of SAP Router certificate i.e on 18/07/2015.
For issue SAP recently introduced New Root Authority Certification process for customers using SNC connections.
between SAP and at their end.
Purpose of the document is just to aware the members about the updated new SAP Router certificate Authority method
Referred SAP Note : 2131531 – New Root Certification Authority for saprouter certificates
With the implementations of New Root Authority Certification SAP customers needs to follow some software changes as well as the process changes
at their end.
With effect from 15/04/2015 all newly generated SAP router certificates requests will be signed by new SAPRouter CA only.To obtain the new SAPRouter
CA,customers can navigate to link https://support.sap.com/support-programs-services/services/trust-center/download/root-certificates.html
(Requires a valid S-User ID to download ).
Note : Certificates as obtained before 15/04/2015 will no longer be supported by SAP.
4/15/2015 11:00 AM CET: switch to new SAProuter Root CA for certification requests,SAProuter certificates obtained before 04/15/2015 can still be used
7/18/2015 11:00 AM CET: switch sapservX to use PSEs signed by new SAProuter CA,SAProuter certificates obtained before 04/15/2015 can no longer be used. to establish SNC connections with SAP.
Steps Mandatory if SAPRouter Certificate applied after 18/07/2015
Customers using SNC network connection methods must
- Use of latest SAPRouter version.
- Use of latest SAPCrypto Library.
- PSE with key size 2048.
- Import old SAProuter Root CA (this step is important and necessary to establish the trust with the sapservX SAProuter at SAP until 07/18/2015).
To get more detailed description customers can jump to SAP link at https://support.sap.com/remote-support/help/installing-saprouter.html
(With a valid S-User ID).
Hope you guys will find this as a helpful document & get the useful information as well.
Updates if any are highly appreciated at my end.
Issue occurred : hostname NiHLGetNoteAddr unknown
Resolution : After successful setup of New root cert method customers or users may experience above issue & will find similar error / failure message entries under dev_rout file hostname NiHLGetNoteAddr unknown during the remote connections with SAPRouter String if using latest SAP GUI version release 740 at their ends.To overcome the issue you could follow related SAP Notes
or best to use lower SAP GUI version i.e 730 as a workaround.
Stay tuned !!