Skip to Content
Technical Articles
Author's profile photo Imran Khan
Imran Khan
Posted on June 17, 2019 3 minute read

Renewal of SAPRouter Certificate

Follow RSS feed
1 Like 1,714 View 0 Comments

Purpose

SAProuter certificate is yearly based renewal process, This blog post will help audience to Renewing SAP Router Certificate.

 

What is SAPRouter?

It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .

Steps for Renewing SAP Router

Stop SAPRouter Service.

  • Login to SAP Router Server and close the saprouter.exe command window.

Or

  • Login to SAP Router Server and stop Router service.

 

 

Before executing the activity please take backup of SAPROUTER files from OS level.

  • Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse

Also you can take a copy of SAPRouter folder

Generating the certificate.

  • Run the following command

“sapgenpse get_pse -v -r certreq1 -p local.pse”

to generate a certificate in OS level.

  • Enter the new PIN for PSE file two times – ******

  • Now it will ask to provide your Distinguished Name. Give DSN and press Enter.

CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE

  • It will create a new Certificate file “certreq” in the sap router file system.
  • Open the file ‘certreq’ and copy the content or code from that file.

  • Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR

 

  • Paste the copied data from here as shown below and hit on Request Certificate.

  • Copy the generated response.

  • Paste it in “srcert” file and save.

  • Now run the following command and give the PSE Pin :– ********

sapgenpse.exe import_own_cert -c srcert -p local.pse

This command will import the response that copied into “srcert” file.

  • Now run the following command to create a file “cred_v2”.

sapgenpse seclogin -p local.pse -O <saprouter user>

sapgenpse seclogin -p local.pse -O Administrator

  • Verification of the Router can be done by running following command.

sapgenpse get_my_name -v -n Issuer

 

Start SAP Router service

 

Post Verification checks.

 

Validation check in Support Portal

SAPRouter Status check

  • Run the command whether the Router is running or not.

Saprouter -l

SAPRouter Validity check

  • SAP Router Certificate Validity

sapgenpse get_my_name -n validity

 

Wind-up

This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.

Assigned tags

Related Blog Posts

    Related Questions

      /
      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.