Here in this Blog i would like to explain the complete process on How to renew SAP Router Certificate.
Renewing SAP Router Certificate.
It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .
- Login to SAP Router Server and stop Router service.
- Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse
Also you can take a copy of SAPRouter folder
- Run the following command –
“sapgenpse get_pse -v -r certreq1 -p local.pse”
to generate a certificate in OS level.
- Enter the new PIN for PSE file two times – ******
- Now it will ask to provide your Distinguished Name. Give DSN and press Enter.
CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE
- It will create a new Certificate file “certreq” in the sap router file system.
- Open the file ‘certreq’ and copy the content or code from that file.
- Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR
- Paste the copied data from here as shown below and hit on Request Certificate.
- Copy the generated response.
- Paste it in “srcert” file and save.
- Now run the following command and give the PSE Pin :– ********
sapgenpse.exe import_own_cert -c srcert -p local.pse
This command will import the response that copied into “srcert” file.
- Now run the following command to create a file “cred_v2”.
sapgenpse seclogin -p local.pse -O <saprouter user>
sapgenpse seclogin -p local.pse -O Administrator
- Verification of the Router can be done by running following command.
sapgenpse get_my_name -v -n Issuer
- Run the command whether the Router is running or not.
- SAP Router Certificate Validity
sapgenpse get_my_name -n validity
This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.