Technical Articles
Renewal of SAP Router Certificate
Introduction-
Here in this Blog i would like to explain the complete process on How to renew SAP Router Certificate.
Main Activity
Renewing SAP Router Certificate.
About SAP Router
It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .
Procedure for Renewing SAP Router
Stop Router Service.
- Login to SAP Router Server and stop Router service.
Take backup of SAPROUTER files from OS level.
- Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse
Also you can take a copy of SAPRouter folder
Generating the certificate.
- Run the following command –
“sapgenpse get_pse -v -r certreq1 -p local.pse”
to generate a certificate in OS level.
- Enter the new PIN for PSE file two times – ******
- Now it will ask to provide your Distinguished Name. Give DSN and press Enter.
CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE
- It will create a new Certificate file “certreq” in the sap router file system.
- Open the file ‘certreq’ and copy the content or code from that file.
- Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR
- Paste the copied data from here as shown below and hit on Request Certificate.
- Copy the generated response.
- Paste it in “srcert” file and save.
- Now run the following command and give the PSE Pin :– ********
sapgenpse.exe import_own_cert -c srcert -p local.pse
This command will import the response that copied into “srcert” file.
- Now run the following command to create a file “cred_v2”.
sapgenpse seclogin -p local.pse -O <saprouter user>
sapgenpse seclogin -p local.pse -O Administrator
- Verification of the Router can be done by running following command.
sapgenpse get_my_name -v -n Issuer
Start SAP Router service
Post Verification checks.
Validation check in Support Portal
SAPRouter Status check
- Run the command whether the Router is running or not.
Saprouter -l
SAPRouter Validity check
- SAP Router Certificate Validity
sapgenpse get_my_name -n validity
Conclusion
This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.
Thanks for help!
Thanks Sai Kumar, only want to add the right command if you are using the new crypto Library @256 bit of encryptation
sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -r certreq -p local.pse "Put Here your DN"
Thankyou
Hello,
Does Renewal of SAP Router certificate includes any cost.
No
Very Helpful Blog. I can see the new certificate at the portal but after starting the SAPRouter, I can see error in dev_rout file saying own certificate has expired. Any Idea , what could be the reason of this problem ?
Br,
Ketan
Very nice post.
Rename or delete cred_v2 file.
thanks for your help it's was totally useful, now the router is working properly I could not have done without this
Regards
Thanks Sai Kumar,
Very nice document! Thank you.
get_pse: Distinguished name of PSE owner what name givein
when satar saprouter service facing this issue please help
saprouter.exe -r
invalid lines in ' ./saprouttab , see 'dev_rout' nirout.cpp 11122
Great post this is still relevant in 2023. I did come up with one issue with the error:
It was related to the system variables not set correctly for "SECUDIR." This variable needed to be pointed the saprouter folder in C drive.