Header Ads Widget

Responsive Advertisement

Steps to Create / Renew the SAProuter Certificate Request –

Suresh Chowdary January 05, 2013


Steps to Create / Renew the SAProuter Certificate Request 


First of all, take a Printout of the Document “Installing the sapcrypto library and starting the SAProuter” by Logging into the SAP Service Marketplace by going to the http://service.sap.com/saprouter-sncdoc  through Internet Explorer
A small screen will appear, Click on “OK”
User Name : s0002761414
Password :
And Click “OK”
Copy the Complete Text under Document “Installing the sapcrypto library and starting the SAProuter” into a Word Document and take a Printout for Ready Reference.
Now, again,
Login to the SAP Service Marketplace by going to the http://service.sap.com/saprouter-sncadd  through Internet Explorer
A small screen will appear, Click on “OK”
User Name : s0002761414
Password :
And Click “OK”
A new screen will appear, Click on “Apply Now !”
Select the certificate :   CN=sachin, OU=0000442811, OU=SAProuter, O=SAP, C=DE
And Click “Continue”

Now, in your PC (on which SAProuter is configured), go to the My Computer à   (C: ) à “usr” folder à “sap” folder à “saprouter” folder
And Rename the “local.pse” file as “local.pse.old1”

Now, again, in your PC (on which SAProuter is configured), go to Run à cmd à and you will be on the Command Promp Screen as follows
C:\Documents and Settings\ADMINISTRATOR1>
Write as follows
C:\Documents and Settings\ADMINISTRATOR1>cd..   (Press Enter)
C:\Documents and Settings>cd..    (Press Enter)
OR
C:\Documents and Settings\ADMINISTRATOR1>cd\
And you reach following
C:\>
Write as follows
C:\>cd usr\sap\ntintel  (Press Enter)
Write as follows which is Command No. 3
C:\usr\sap\ntintel>sapgenpse get_pse -v -r certreq -p local.pse "CN=sachin, OU=0
000442811, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "c:\usr\sap\saprouter\local.pse".
Please enter PIN:       (you need to write it and Press Enter)
Please reenter PIN:      (you need to write it and Press Enter)
 Supplied distinguished name: "CN=sachin, OU=0000442811, OU=SAProuter, O=SAP, C=DE"
 Generating key (RSA, 1024-bits) ... succeeded.
 certificate creation... ok
 PSE update... ok
 PKRoot... ok
Generating certificate request... ok.
C:\usr\sap\ntintel>

Now open a new Notepad File, in the File got to
File à Open à (C: ) à “usr” folder à “sap” folder à “ntintel” folder
Files of type :  All Files
Select the File “ certreq” and Click “Open”
Copy the Complete Text and Paste the same in the Box under the “Insert the Certificate Signing Request” shown in the SAP Service Marketplace (which you had open earlier after clicking “Apply Now!” and “Continue”  above)
Now, Click on “Request Certificate”

A New Certificate in the Text Format will be shown on the SAP Service Marketplace Screen.
Copy this Complete Text in a New Notepad File and Save it in
C:\usr\sap\saprouter
by the name “srcert.txt”
It will ask for Replacing earlier file, say Yes.
Now, this “srcert.txt” is to be Renamed as “srcert” by going to the Command Prompt and as follows
C:\usr\sap\ntintel>cd\
C:\>cd usr\sap\saprouter
C:\usr\sap\saprouter>ren srcert.txt srcert
(and your File “srcert.txt” is Renamed as “srcert”)
Now, Copy the “srcert” file from the “saprouter” folder and Paste it in the “ntintel” folder.
Now, go to the Command Prompt and as follows
C:\usr\sap\saprouter>cd\
C:\>cd usr\sap\ntintel   (Press Enter)
C:\usr\sap\ntintel>   (Write Command No. 7 here as follows, which will Import the Certificate)
C:\usr\sap\ntintel>sapgenpse import_own_cert -c srcert -p local.pse
CA-Response successfully imported into PSE "c:\usr\sap\saprouter\local.pse"

C:\usr\sap\ntintel>  (Write Command No. 8 here as follows)
C:\usr\sap\ntintel>sapgenpse seclogin -p local.pse
 running seclogin with USER="ADMINISTRATOR1"
Please enter PIN:                      (you need to write it and Press Enter)
 Added SSO-credentials for PSE "c:\usr\sap\saprouter\local.pse"
   "CN=sachin, OU=0000442811, OU=SAProuter, O=SAP, C=DE"
( In the above command  “sapgenpse seclogin -p local.pse –O ADMINISTRATOR1” could also be written or any Other User Name could bee given, which would have restricted the SAProuter to Function Only with that User Name Logged In as a User)
Now, to Check if the Certificate has been imported correctly, use the Command No. 10 as follows
C:\usr\sap\ntintel>sapgenpse get_my_name -v -n Issuer
 Opening PSE "c:\usr\sap\saprouter\local.pse"...
 PSE open ok.
 ok.
 Retrieving my certificate... ok.
 Getting requested information... ok.
SSO for USER "ADMINISTRATOR1"
  with PSE file "c:\usr\sap\saprouter\local.pse"

Issuer  : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

(the above “Issuer” is same as given in the Command No. 10 of the Document “Installing the sapcrypto library and starting the SAProuter”)

C:\usr\sap\ntintel>
Now, the SAP Router Certificate has been Renewed and is OK for Use !!!



Suresh Chowdary

Posted by: Suresh Chowdary

Post a Comment

0 Comments

How to handle HANA Alert 51: 'Size of diagnosis files HANA

How to handle HANA Alert 51: 'Size of diagnosis files

Suresh Chowdary July 10, 2022

Symptom This KBA is part of a series of Knowledge Base Articles (KBAs). Its focus is …