Skip to Content
Technical Articles

Renewal of SAPRouter Certificate

Purpose

SAProuter certificate is yearly based renewal process, This blog post will help audience to Renewing SAP Router Certificate.

 

What is SAPRouter?

It acts as a proxy in a network connection between SAP systems, or between SAP systems and external networks. A standalone SAP program that protects your SAP network against unauthorized access .

Steps for Renewing SAP Router

Stop SAPRouter Service.

  • Login to SAP Router Server and close the saprouter.exe command window.

Or

  • Login to SAP Router Server and stop Router service.

 

 

Before executing the activity please take backup of SAPROUTER files from OS level.

  • Take a backup of file in usr/sap/saprouter : Cred_v2, srcert, certreq, local.pse

Also you can take a copy of SAPRouter folder

Generating the certificate.

  • Run the following command

“sapgenpse get_pse -v -r certreq1 -p local.pse”

to generate a certificate in OS level.

  • Enter the new PIN for PSE file two times – ******

  • Now it will ask to provide your Distinguished Name. Give DSN and press Enter.

CN=*********, OU=0000123456, OU=SAProuter, O=SAP, C=DE

  • It will create a new Certificate file “certreq” in the sap router file system.
  • Open the file ‘certreq’ and copy the content or code from that file.

  • Open Support portal and navigate to SAP Router page where your Router is configured and click on Submit CSR

 

  • Paste the copied data from here as shown below and hit on Request Certificate.

  • Copy the generated response.

  • Paste it in “srcert” file and save.

  • Now run the following command and give the PSE Pin :– ********

sapgenpse.exe import_own_cert -c srcert -p local.pse

This command will import the response that copied into “srcert” file.

  • Now run the following command to create a file “cred_v2”.

sapgenpse seclogin -p local.pse -O <saprouter user>

sapgenpse seclogin -p local.pse -O Administrator

  • Verification of the Router can be done by running following command.

sapgenpse get_my_name -v -n Issuer

 

Start SAP Router service

 

Post Verification checks.

 

Validation check in Support Portal

SAPRouter Status check

  • Run the command whether the Router is running or not.

Saprouter -l

SAPRouter Validity check

  • SAP Router Certificate Validity

sapgenpse get_my_name -n validity

 

Wind-up

This is the complete process of renewing SAP Router Certificate. Feel free to post any comments or queries related to this topic.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.