Scribd
Upload
1K views8 pages

SapRouter Install in Linux

The document provides steps to install and configure a new SAP router in Linux. It outlines downloading required files, generating certificates, configuring environment variables, creating saprouttab entries, and starting the SAP router service. The steps include generating a certificate request, importing the signed certificate, creating credentials for the root user, and verifying the configuration. Once completed, the SAP router can be started using the saprouter command.

Uploaded by

Devender Raju
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views8 pages

SapRouter Install in Linux

The document provides steps to install and configure a new SAP router in Linux. It outlines downloading required files, generating certificates, configuring environment variables, creating saprouttab entries, and starting the SAP router service. The steps include generating a certificate request, importing the signed certificate, creating credentials for the root user, and verifying the configuration. Once completed, the SAP router can be started using the saprouter command.

Uploaded by

Devender Raju
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Empowering Solution

Title New Install SAP Router Configuration in Linux

Version 7.0

Author Ashish Semwal

Date 22.11.2016
SAP Router in Linux BASIS Service

1 Symptoms

Installing New Sap Router in Linux / Unix O.S. and Renewal Certificate Process

2 Prerequisites

 Access of root user in O.S.

 Login Access of S User (Sap Portal)

 Server Host Name and Server IP should be assign in your Sap Portal for Sap router

 Your distinguished name (Find from Sap Portal under Sap router certificate or Cmd: sapgenspe
get_my_name)

 You need to open the port for SAP Router 3299 & Gateway Port 3399 3389

3 Solutions

Step 1.
1. Login to the SAP Support Portal with the S-user ID and Download latest version file

SAPCRYPTOLIBP_8506-20011697.SAR
SAPROUTER_34-70000854.sar

Page No 2
>Support Packages & Patches
>A-Z Alphabetical List of Products
>S
>SAPCRYPTOLIB.SAR
>SAPROUTER.SAR
WADDAYA SOLUTIONS

2. Login into server with “Root” user.

3. Create folder under path “/usr/sap/” with name of Saprouter and move downloaded
file in to newly created folder (usr/sap/Saprouter)

4. Provide 775 permission to Saprouter Folder (chmod –R 775 /usr/sap/Saprouter)


SAP Router in Linux BASIS Service

5. Extract both file “Saprouter and Sapcryptolib” with help of tool “SAPCAR”

Step 2.

1. Generate the certificate request using the following command:

Page No 3
( Note : distinguished name should be available and PIN can enter 1234)

./sapgenpse get_pse -v -r certreq -p loc


WADDAYA SOLUTIONS

Got absolute PSE path "/usr/sap/saprouter/local.pse".


Please enter PIN: ****
Please reenter PIN: ****
Supplied distinguished name: "CN=HOST Name, OU=Customer Number, OU=SAProuter, O=SAP,
C=DE"
Creating PSE with format v2 (default)
Generating key (RSA, 2048-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
SAP Router in Linux BASIS Service

2. Once the request is created, it creates the file certreq:


Open Certreq file in disply mode ( CMD : cat certreq)
-----BEGIN CERTIFICATE REQUEST-----
MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCREUxDDAKBgNVBAoTA1NBUDESMBAGA1UE
CxMJU0FQcm91dGVyMRMwEQYDVQQLEwowMDAxMjk4MDAzMRIwEAYDVQQDEwlSUExE
RVZRVUEwggEiMA LASDVBKCASKJDNCASLDKN AL;KSKXM ALSKNC LSKN s;l Nsl Nslx Nsx
n;lsxn skjx SX JNsx SD sd HFGHGFGFSDVASDVAFVFVDFD F SADFASSFDF SDFASDFSADFA
certreq0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD+za7CY9unsRnNADSCADCDCDCD
dTjF6SKiHXPXzwCN2dfe4+rnqJIRkGJaxkGGgxrLabI3BolOXldLTfIlO4GtoBW8ASDCADCASDCADC
dX3HAHjjo/npKhYjFCLblOHSwY5Db2T1xsz/xj4BBJ+XaUvWhmxkQsxUJQSSqQPGXyPADCDC
NVK3YW1u4XyWbHS2f5XyfZPXdyVpqfTPTewD52ASDVASDCmEc7eVHxHEEGjux2YmwZAh//DSCw7
/XWoL1fK7dfO6G2kzLh6jD+n5kda25AT9h3DKu8NY6df494N3bASDCSDkHpHNvI0yywiL0ADCADC
f0AQJH/Vo2ryQmRKspZe2a/EA756Ozqpog/LKv2HR8CJ6wXmDmPFQWASDCzuSxrJUrx5DCDC
yOZwVg85AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEALHK0Qxi03TRUASSDCWjpbHXoj
Igru8mXKcRP62+CSWhtH5tV2Y9IaABm9jejpQx1DlgDgj01LnBwWFn44zMR354UzASDCADCDC
S0Uf4KGJLaI+MIRBoA79PfXqy/7Fvy5DG+TOumNpjeHKW7OLSIyr6RuchfOVjrAZACSDCASAD
rf8JNzCfSyDrpY9ZqKFE4bXsqfaY7ygbNSooILGALjesgmkvGtM6svIiWcbXZQQ/DCASDCADF
ZOj1VJaPNHi6FsRisXCym/K/RCmTfk6/dwPRmocyMiWLwYqIAQjzye6epD8x1eM8SDCASDCDF
8xjOZdoO/cWKy+uMV0xNSzqwwl8LKnK5HzvOS86RdqMZIqEMFOvqIPxkxt6drceoASDCFD
-----END CERTIFICATE REQUEST-----

 Copy this script from …..BEGIN to …..END…

Page No 4
 Then Login to service marketplace under: http://www.service.sap.com/saproutersnc
add à Apply Certificate this opens the form below. Select Continue WADDAYA SOLUTIONS
SAP Router in Linux BASIS Service

 Paste the contents of the certreq file generated above as below, and then “Request
Certificate”. See below
 Copy the details of the new certificate generated and then Create txt file with name
of srcert(touch srcert) and paste it in a new file srcert in the

Page No 5
3. Importing the Certificate & Creating Credential:
WADDAYA SOLUTIONS

/sapgenpse import_own_cert -c srcert -p loc.pse

Please enter PIN: ****


CA-Response successfully imported into PSE "/usr/sap/saprouter/loc.pse"
SAP Router in Linux BASIS Service

4. Creating the credential for User responsible to start SAP Router:

./sapgenpse seclogin -p local.pse -O roo


inistrator
running seclogin with USER="root"
creating credentials for secondary user "root" ...
Please enter PIN: ****
Added SSO-credentials (#0) for PSE "/usr/sap/saprouter/loc.pse"
"CN=Host name, OU=Customer Number, OU=SAProuter, O=SAP, C=DE"

5. Verifying the Configuration:

./sapgenpse get_my_name -v -n Issuer

Opening PSE "/usr/sap/saprouter/loc.pse"...


PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.

Page No 6
SSO for USER "root"
with PSE file "/usr/sap/saprouter/loc.pse"

Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE


WADDAYA SOLUTIONS

6. ./sapgenpse get_my_name -n validity

SSO for USER "root"


with PSE file "/usr/sap/saprouter/loc.pse"

Validity - NotBefore: Thu Jul 14 12:57:44 2016 (160714095744Z)


NotAfter: Fri Jul 14 12:57:44 2017 (170714095744Z)
SAP Router in Linux BASIS Service

Step 3.

1. Set Environment variables from root user

export SECUDIR=/usr/sap/saprouter
export SNC_LIB=/usr/sap/saprouter/libsapcrypto.so

disply Environment variable path echo $SECUDIR

set this as permanent add it to the file .profile or .bashrc

2. SAPROUTTAB Entry

 Create saprouttab txt file (touch saprouttab)


 vi saprouttab
 sapserv2 (194.39.131.34): Connection via Internet SNC

Page No 7
WADDAYA SOLUTIONS
SAP Router in Linux BASIS Service

3. Start Sap Router Command in Linux

#/usr/sap/saprouter > Enter cmd

./saprouter -r -V 2 -K "p:CN=HOSTNAME, OU=CUSTOMER Number,


OU=SAProuter, O=SAP, C=DE"

Note: check proper space b/w distinguished name


Note: Don’t close terminal after start sap router

4. Stop Sap Router

#/usr/sap/saprouter > Enter cmd

Saprouter –s
If facing any issue check dev_rout file

Page No 8

4 References
WADDAYA SOLUTIONS

[1] SAP AG “SAProuter (BC-CST-NI)”, http://help.sap.com

[2] Waddaya Solutions

Blog.waddaya.com

You might also like