Saturday, February 25, 2012

SAP Router Configuration step by step interview patron


Before going for Router installation check that for your public IP is open to sap or not.
Check for all the necessary ports. 
3299 is open to Router on SAP SIDE: 194.39.131.34
If it’s new server provide details to SAP with your <Distingushed Name>" and hostname to SAP for Certificate generation. 

Follow Below steps

1. Create a Userid like ‘ sncadm’
2. Login to the SAP Service Marketplace with the Service Marketplace USERID which is assigned to your installation.
3. Use the latest SAProuter version, which can be downloaded from SAP Service Marketplace (alias /SWDC).
4. Change to the alias /SAPROUTER-SNCADD.
5. Click on “Download Area” > “SAP Cryptographic Software” and select the correct sapcrypto library for your SAProuter "<op-sys>". Save the file to the directory where the SAProuter executable is located.
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the archive from any Installation Kernel CD. Executing the command SAPCAR -xvf SAPCRYPTO.CAR will unpack the following files: [lib]sapcrypto.[dll|so|sl] sapgenpse[.exe] , ticket
7. Edited the string in the registry under
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ saprouter and changed to “under ImagePath.

8. Information as of POINT 6:: Unpacking of SAPCRYPTO archive
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c:\usr\sap\saprouter>sapcar -xvf sapcrypto.CAR
Processing archive sapcrypto.CAR...
x Changelog.txt
x LEGAL.TXT
x LICENSE.TXT
x Ver555.pl17
x WHICH.TXT
x ntintel
x ntintel/sapcrypto.dll
x ntintel/sapgenpse.exe
x ticket

9. Set your environment variable for user (sncadm) SNC_LIB and SECUDIR:

Screenshot provided below.

10. Make an entry on your service file if windows then in etc/hosts/services
If Unix then etc/hosts

Make the same entry in Router and your entire server. ( DEV, QAS, PRD) 

Screenshot provided for reference. 

11. Generate the certificate Request with the command:
sapgenpse get_pse -v -r certreq -p local.pse “<Distinguished Name>”
Example:
sapgenpse get_pse -v -r certreq -p local.pse “CN=example, OU=0000123456,
OU=SAProuter, O=SAP, C=DE”
Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse “<Distinguished Name>”
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you will have to enter the same PIN every time you want to use
this PSE.

12. Display the output file "certreq" and with copy&paste (including the BEGIN and END statement) insert the certificate request into the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.

13. In response you will receive the certificate signed by the CA in the Service Marketplace. Copy&paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable.

14. With this in turn you can install the certificate in your saprouter by calling:
sapgenpse import_own_cert -c srcert -p local.pse

15. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O <user_for_saprouter>, the credentials are created for the logged in user account).
sapgenpse seclogin -p local.pse -O <user_for _saprouter>
Note: The account of the service user should always be entered in full
<domainname>\<username>

16. This will create a file called "cred_v2" in the same directory as "local.pse"

17. Check if the certificate has been imported successfully with the following command:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

18. If this is not the case, delete the files "cred_v2"and "local.pse" and start over

19. Once done please make confirm from SAP.
20. Also make sure connection saposs in sm59 working fine

Reactions:

0 comments:

Post a Comment