Skip to Content
Technical Articles

Renewal of SAP Router Certificate

Introduction-

Here in this Blog i would like to explain the complete process on How to renew SAP Router Certificate.

Main Activity

Renewing SAP Router Certificate.

 

About SAP Router

It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .

Procedure for Renewing SAP Router

Stop Router Service.

  • Login to SAP Router Server and stop Router service.

 

Take backup of SAPROUTER files from OS level.

  • Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse

Also you can take a copy of SAPRouter folder

Generating the certificate.

  • Run the following command –

“sapgenpse get_pse -v -r certreq1 -p local.pse”

to generate a certificate in OS level.

  • Enter the new PIN for PSE file two times – ******

  • Now it will ask to provide your Distinguished Name. Give DSN and press Enter.

CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE

  • It will create a new Certificate file “certreq” in the sap router file system.
  • Open the file ‘certreq’ and copy the content or code from that file.

  • Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR

 

  • Paste the copied data from here as shown below and hit on Request Certificate.

  • Copy the generated response.

  • Paste it in “srcert” file and save.

  • Now run the following command and give the PSE Pin :– ********

sapgenpse.exe import_own_cert -c srcert -p local.pse

This command will import the response that copied into “srcert” file.

  • Now run the following command to create a file “cred_v2”.

sapgenpse seclogin -p local.pse -O <saprouter user>

sapgenpse seclogin -p local.pse -O Administrator

  • Verification of the Router can be done by running following command.

sapgenpse get_my_name -v -n Issuer

 

Start SAP Router service

 

Post Verification checks.

 

Validation check in Support Portal

SAPRouter Status check

  • Run the command whether the Router is running or not.

Saprouter -l

SAPRouter Validity check

  • SAP Router Certificate Validity

sapgenpse get_my_name -n validity

 

Conclusion

This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.

1 Comment
You must be Logged on to comment or reply to a post.