How to Renew SAProuter Certificate

Posted by — April 11, 2014 in SAP BASIS 1 Comment

IMPORTANT – NEW METHOD OF TO RENEW SAPROUTER CERTIFICATE:
Refer to SAP Note 2131531 and below link,
https://support.sap.com/remote-support/help/installing-saprouter.html

1. Before get started, do create a backup copy of the SAProuter folder.

2. In the SAProuter folder, delete the following files,

local.pse
cred_v2
certreq

3. Execute below command. You can obtain the “Distinguished Name” from the http://service.sap.com/saprouter-sncadd from the step 5. Supply the PIN password. The command will output the new local.pse file.

sapgenpse.exe get_pse -v -r certreq -p local.pse "Distinguished Name"
Got absolute PSE path "C:\usr\sap\saprouter\local.pse".
Please enter PIN:
Please reenter PIN:
Supplied distinguished name: "CN=ITsiti, OU=000012345, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
Generating key (RSA, 2048-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok

4. Head to http://service.sap.com/saprouter-sncadd. Click on Apply Now.

SAProuter Certificate - Apply Now

5. Select the SAProuter Name (Distinguished Name).

SAProuter Certificate - Request Certificate

6. Now, copy the content from the local.pse file (from step 3) and paste into below text field.

SAProuter Certificate - Create CSR on SAProuter

7. Choose Request Certificate. You will get the SAProuter certificate.

SAProuter Certificate - Import Certificate into SAProuter

8. Next, create a new file name srcert (in the same directory with no extension) and copy/paste the certificate (from the step 7) into it.

9. Execute below command to import the certificate into the SAProuter.

sapgenpse.exe import_own_cert srcert -p local.pse

Please enter PIN:
CA-Response successfully imported into PSE "C:\usr\sap\saprouter\local.pse"

10. Assign the SAProuter user credentials. The output will create cred_v2 file.

sapgenpse seclogin -p local.pse -O sidadm

running seclogin with USER="sidadm"
 creating credentials for user "HOSTNAME\sidadm" (yourself)...
Please enter PIN:
 Adjusting credentials and PSE ACLs to include "HOSTNAME\sidadm"...
 Oh, you supplied your own name explicitly ... ok.
   C:\usr\sap\saprouter\sec\cred_v2  ... ok.
   C:\usr\sap\saprouter\local.pse  ... ok.
 Added SSO-credentials (#0) for PSE "C:\usr\sap\saprouter\local.pse"
   "CN=HOSTNAME, OU=0000123456, OU=SAProuter, O=SAP, C=DE"

Finally, verify your SAProuter update validation.

You May Also Like

SMAINTENANCE: Manage the Maintenance Mode

RHBAUS02: Check and Synchronize T77UU (User Data in SAP Memory)

Error when calling application using OLE ALVIEWER.APP

RSWF_TEST_HTTP: Test HTTP Connection

1 Comment

Leave a Reply?