Purpose
SAProuter certificate is yearly based renewal process, This blog post will help audience to Renewing SAP Router Certificate.
What is SAPRouter?
It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .
Steps for Renewing SAP Router
Stop SAPRouter Service.
- Login to SAP Router Server and close the saprouter.exe command window.
Or
- Login to SAP Router Server and stop Router service.
Before executing the activity please take backup of SAPROUTER files from OS level.
- Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse
Also you can take a copy of SAPRouter folder
Generating the certificate.
- Run the following command
“sapgenpse get_pse -v -r certreq1 -p local.pse”
to generate a certificate in OS level.
- Enter the new PIN for PSE file two times – ******
- Now it will ask to provide your Distinguished Name. Give DSN and press Enter.
CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE
- It will create a new Certificate file “certreq” in the sap router file system.
- Open the file ‘certreq’ and copy the content or code from that file.
- Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR
- Paste the copied data from here as shown below and hit on Request Certificate.
- Copy the generated response.
- Paste it in “srcert” file and save.
- Now run the following command and give the PSE Pin :– ********
sapgenpse.exe import_own_cert -c srcert -p local.pse
This command will import the response that copied into “srcert” file.
- Now run the following command to create a file “cred_v2”.
sapgenpse seclogin -p local.pse -O <saprouter user>
sapgenpse seclogin -p local.pse -O Administrator
- Verification of the Router can be done by running following command.
sapgenpse get_my_name -v -n Issuer
Start SAP Router service
Post Verification checks.
Validation check in Support Portal
SAPRouter Status check
- Run the command whether the Router is running or not.
Saprouter -l
SAPRouter Validity check
- SAP Router Certificate Validity
sapgenpse get_my_name -n validity
Wind-up
This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.