SAP Router is use by sap to communicate with SAP Global Server or if you asking SAP Global to solve you issue you have reported by opening a ticket in SAP support website. Today, i’m gonna show you how to renew SAP Router certificate which done annually using command line guided by SAP.
Backup old certificate
First thing first, you need to backup old certificate just in case anything goes sideways.
There are 4 file you need to backup :
- certreq
- cred_v2
- local.pse
- srcert
Backup those files to another folder by creating new folder in the same directory, and name it as you like or you can rename all the old files.
Requesting new certificate
Next is to go to SAP support webiste to get you Distinguish Name for your sap router , open SAPRouter Page on SAP Support and choose Tools from dropdown menu at the top of sap website and then select SAProuter as shown in the picture below
After the website load to SAProuter page, select certificate and the page will guide directly to the page with “Apply for SAP Router Certificate”
Login with your credential and it will take you to the page as shown below
Now, you need to generate certificate ruquest required by the sap. To get it, you simply copy paste this command below into your sap router’s server terminal :
sapgenpse get_pse -v -r certreq -p local.pse “ <Distinguished Name> ”
sapgenpse get_pse -v -r certreq -p local.pse “CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE”
Example:
When you press enter, you will asked twice to create PIN here. Please insert the desired PIN (there is now specific rule for PIN, just insert as you desired) and remember/document it is because you will be asked to insert the password every time you’re using this PSE file.
Display the output file “certreq” and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.
In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named “srcert”, which must be created in the same directory as the sapgenpse executable.
Install downloaded certificate
With this in turn you can install the certificate in your saprouter by calling:
sapgenpse import_own_cert -c srcert -p local.pse
Now you need to create the credentials for the SAProuter with the same program , just run this command below :
sapgenpse seclogin -p local.pse
This will create a file called “cred_v2″ in the same directory as “local.pse”
To check if the certificate has been imported successfully, run the following command :
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE |
Now start your saprouter and delete the old file afterward
and Done, Congratulation , your SAProuter certificate is renewed and ready to fully function.