Go to the http://service.sap.com/saprouter-sncadd
Get the "Distinguished Name" for your SAProuter from the list of SAP
router’s registered for your installation.
1.As user
SECUDIR =
--
SECUDIR = C:\USR\SAP\SAPROUTER
SNC_LIB = C:\USR\SAP\SAPROUTER\SAPCRYPTO.DLL
2. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "
eg--> sapgenpse get_pse -v -noreq -p local.pse "CN=HOSTNAME,
OU=0000XXXXXX, OU=SAProuter, O=SAP, C=DE"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
3. Display the output file "certreq" and with copy & paste insert
the certificate request into the text area of the same form on
service.sap.com/TCS from which you copied the Distinguished Name
4. In response you will receive the certificate signed by the CA
in the Service Marketplace, copy & paste the text to a local file named
srcert
5. With this in turn you can install the certificate in your
saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
6. now you will have to create the credentials for the SAProuter
with the same program (if you omit -O
created for the logged in user account)
sapgenpse seclogin -p local.pse
7. This will create a file called cred_v2 in the same directory.
8. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
If this is not the case, delete the files cred_v2, local.pse and start
over at Item 4. If the output still does not match please open a
customer message in component XX-SER-NET-OSS stating the actions you
have taken so far and the output of the commands
Few additional commands
sapgenpse get_my_name -v -n validity (for checking validity of SAProuter)
saprouter -r -V3 -T log (for detailed error log)
No comments:
Post a Comment