Step-by-Step Saprouter Certificate Renewal Published by rs on July 26, 2010 in BASIS and Technical .Tags: basis, sap, sap blogger, saprouter, sdn blogger. 1. You need to remove the old generated files(certreq, cred_v2, local.pse, srcert) from previous certificate request. To do this you can either rename these files or create a new folder and move these files into it. 2. Login to http://service.sap.com/saprouter-sncadd and click the “Apply now” button. From the list of SAProuters registered to your installation, choose the relevant “Distinguished Name”. 3. Generate the certificate Request. To do this go to your SAProuter server and run this command on the saprouter directory. sapgenpse get_pse -v -r certreq -p local.pse “<Distinguished Name>” Example: sapgenpse get_pse -v -r certreq -p local.pse “CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE” You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it
Step-by-Step Saprouter Certificate RenewalPublishedbyrsonJuly
26, 2010inBASISandTechnical.Tags:basis,sap,sap
blogger,saprouter,sdn blogger.1. You need to remove the old
generated files(certreq, cred_v2, local.pse, srcert) from previous
certificate request. To do this you can either rename these files
or create a new folder and move these files into it.2. Login to
http://service.sap.com/saprouter-sncadd and click the Apply now
button. From the list of SAProuters registered to your
installation, choose the relevant Distinguished Name.3. Generate
the certificate Request. To do this go to your SAProuter server and
run this command on the saprouter directory.sapgenpse get_pse -v -r
certreq -p local.pse Example: sapgenpse get_pse -v -r certreq -p
local.pse CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DEYou
will be asked twice for a PIN here. Please choose a PIN and
document it, you have to enter it identically both times. Then you
will have to enter the same PIN every time you want to use this
PSE.4. Display the output file certreq and with copy&paste
(including the BEGIN and END statement) insert the certificate
request into the text area of the same form on the SAP Service
Marketplace from which you copied the Distinguished Name.5. In
response you will receive the certificate signed by the CA in the
Service Marketplace. Copy&paste the text to a new local file
named srcert, which must be created in the same directory as the
sapgenpse executable.6. With this in turn you can install the
certificate in your saprouter by calling: sapgenpse import_own_cert
-c srcert -p local.pse7. Now you will have to create the
credentials for the SAProuter with the same program (if you omit -O
, the credentials are created for the logged in user
account).sapgenpse seclogin -p local.pse -O Note: The account of
the service user should always be entered in full 8. This will
create a file called cred_v2 in the same directory as local.pse9.
To check if the certificate has been imported successfully, run the
following command: sapgenpse get_my_name -v -n IssuerThe name of
the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP,
C=DE
