Scribd Logo
Upload

Welcome to Scribd!

  • SAP Install SAProuter

    Uploaded by

    prasad kkav
    156 views4 pages
    SAP Install SAProuter

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SAP Install SAProuter

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    156 views4 pages

    SAP Install SAProuter

    Uploaded by

    prasad kkav
    SAP Install SAProuter

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    7/5/2017 Install SAProuter

    Install SAProuter
    Install SAProuter
    This section describes the necessary steps to download and install the SAP Cryptographic
    Library for use with SAProuter. The SAProuter must be started with the options described
    later in this section.
    For License conditions of SAP Cryptographic Library please refer to SAP note 597059
    (https://launchpad.support.sap.com/#/notes/597059). Only for the connection between SAProuters at SAP and the
    rst SAProuter on customer sites, certicates signed by a CA provided by SAP are being used. For all other uses of
    SAPCRYPTOLIB for SNC in backend connections, customers are free to choose any CA of their preference or simply
    use self-signed certicates as proposed by SAP for SNC connections in general.

    Download SAProuter

    1. Login to the SAP Support Portal with the S-User ID which is assigned to your installation.

    2. Use the latest SAProuter version, which can be downloaded from the SAP Software Download Center
    (https://launchpad.support.sap.com/#/softwarecenter).

    On the Support Packages & Patches tab click:

    A-Z Alphabetical List of Products > S > SAPROUTER > SAPROUTER (latest versions) > select OS from drop-down >
    select saprouter_XXX-XXXXXXXX.sar > Download Basket button

    Notes:

    In Linux be sure to set environment variable $LIBPATH to SAProuter-directory if needed

    In Windows, possibly also implement SAP Note 1553465 (https://launchpad.support.sap.com/#/notes/1553465)

    In OS400, follow all instructions in SAP Note 2173275 (https://launchpad.support.sap.com/#/notes/2173275)

    3. Download the latest SAP Cryptographic Library from the SAP Software Download Center
    (https://launchpad.support.sap.com/#/softwarecenter).

    On the Support Packages & Patches tab click:

    A-Z Alphabetical List of Products > S > SAPCRYPTOLIB > COMMONCRYPTOLIB (latest version) > select OS from
    drop-down > select SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR > Download Basket button

    4. Download the SAPCAR executable, which is necessary to unpack SAR archives, from any Installation Kernel CD or
    from the SAP Software Download Center (https://launchpad.support.sap.com/#/softwarecenter).

    On the Support Packages & Patches tab click:

    A-Z Alphabetical List of Products > S > SAPCAR > SAPCAR (latest version)
    >your preferred O.S. version > SAPCAR_xxx-xxxxxxxx.EXE

    5. Execute the command SAPCAR_XXX-XXXXXXXX.EXE -xvf saprouter_XXX-XXXXXXXX.sar which will unpack the
    following les:

    saprouter[.exe]

    niping[.exe}]

    6. Execute the command SAPCAR_XXX-XXXXXXXX.EXE -xvf SAPCRYPTOLIBP_XXXX-XXXXXXXX.SAR which will


    unpack the following les:

    [lib]sapcrypto.[dll|so|sl]

    sapgenpse[.exe]

    Note:

    SAP recommends that you unpack the SAPCRYPTOLIBP, SAPCAR and SAPCRYPTOLIBP les in the designated
    SAProuter directory.

    https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 1/4
    7/5/2017 Install SAProuter

    Install SAProuter
    Create a Certicate Request

    1. Logged on as an administrator, set the environment variables SNC_LIB and SECUDIR:

    UNIX

    SECUDIR = <directory_of_SAProuter>

    SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>

    Windows NT, 2000, XP or higher

    SECUDIR = <directory_of_SAProuter>

    SNC_LIB = <drive>:\<path_to_libsecude>\sapcrypto.dll

    Notes:

    After conguring the variables in Windows, verify them with the command 'set'. In case the variables are not
    displayed as entered, reboot the server.

    If the O.S. of SAProuter is OS400, implement SAP Note 2173275.


    (https://launchpad.support.sap.com/#/notes/2173275)

    2. Change to Certication (https://support.sap.com/remote-support/saprouter/saprouter-certicates.html). From


    the list of SAProuters registered to your installation, choose the relevant "Distinguished Name".

    3. Generate the certicate request with the following command:

    sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -r certreq -p local.pse "<Distinguished Name>"

    Example:

    sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -r certreq -p local.pse "CN=example, OU=0000123456,


    OU=SAProuter, O=SAP, C=DE"

    Alternatively use either of these two commands:

    sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -noreq -p local.pse "<Distinguished Name>"

    sapgenpse get_pse -v -onlyreq -r certreq -p local.pse

    4. Display the output le "certreq" and with copy & paste (including the BEGIN and END statement) insert the
    certicate request into the text area of the same form on the SAP Service Marketplace from which you copied the
    Distinguished Name.

    5. In response you will receive the certicate signed by the CA in the Service Marketplace. Copy & paste the text to a
    new local le named "srcert", which must be created in the same directory as the sapgenpse executable.

    6. With this in turn you can install the certicate in your SAProuter by calling:

    sapgenpse import_own_cert -c srcert -p local.pse

    7. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O
    <user_for_SAProuter>, the credentials are created for the logged in user account):

    sapgenpse seclogin -p local.pse -O <user_for _SAProuter>

    8. This will create a le called "cred_v2" in the same directory as "local.pse"

    Notes:

    The account of the service user should always be entered in full <domainname>\<username>

    For increased security, check that the le can only be accessed by the user running SAProuter

    On UNIX, do not allow any other access (not even from the same group) as this will mean permissions being set to
    600 or even 400

    On Windows check that the permissions are granted only to the user the service is running as

    9. Check if the certicate has been imported successfully with the following command:

    sapgenpse get_my_name -v -n Issuer

    The name of the issuer should be:

    https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 2/4
    7/5/2017 Install SAProuter
    CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
    Install SAProuter 10. If this is not the case, delete the les "cred_v2", "local.pse", "srcert" and "certreq" and start over at item 3. If the
    output still does not match, open an incident using component XX-SER-NET stating the actions you have taken so far
    and the output of the commands 3.,6.,7. and 9.

    Required Actions Before Starting SAProuter

    Check if the environment of the account running SAProuter contains the environment variables SNC_LIB and
    SECUDIR

    UNIX - printenv

    Windows NT, 2000, XP - User enviornment variable

    The corresponding le saprouttab, a local le that must be created manually and is normally created in the main
    SAProuter-directory, must contain at least the following entries :

    Example SAPROUTTAB for SNC connections registered to sapserv2 in Germany

    # SNC connection to and from SAP

    KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

    # SNC connection to local system for R/3-Support

    # R/3 Server: 192.168.1.1

    # R/3 Instance: 00

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.1 3200 (optional SAProuter password)

    # SNC connection to local WINDOWS system for WTS, if applicable

    # Windows server: 192.168.1.2

    # Default WTS port: 3389

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.2 3389 (optional SAProuter password)

    # SNC connection to local UNIX system for SAPtelnet, if applicable

    # UNIX server: 192.168.1.3

    # Default Telnet port: 23

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.3 23 (optional SAProuter password)

    # SNC connection to local Portal system for URL access, if applicable

    # Portal server: 192.168.1.4

    # Port number: 50003

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.1.4 50003 (optional SAProuter password)

    # Access from the local Network to SAP

    P 192.168.*.* 194.39.131.34 3299

    # deny all other connections

    D***

    Example SAPROUTTAB for SNC connections registered to sapserv9 in Singapore

    # SNC connection to and from SAP

    KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *

    https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 3/4
    7/5/2017 Install SAProuter
    # SNC connection to local system for R/3-Support
    Install SAProuter # R/3 Server: 192.168.1.

    # R/3 Instance: 00

    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.1 3200 (optional SAProuter password)

    # SNC connection to local WINDOWS system for WTS, if applicable

    # Windows server: 192.168.1.2

    # Default WTS port: 3389

    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.2 3389 (optional SAProuter password)

    # SNC connection to local UNIX system for SAPtelnet, if applicable

    # UNIX server: 192.168.1.3

    # Default Telnet port: 23

    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.3 23 (optional SAProuter password)

    # SNC connection to local Portal system for URL access, if applicable

    # Portal server: 192.168.1.4

    # Port number: 50003

    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.4 50003 (optional SAProuter password)

    # Access from the local Network to SAP

    P 192.168.*.* 169.145.197.110 3299

    # deny all other connections

    D***

    Start the SAProuter with the following command line (to start the SAProuter as a Windows service, follow the steps
    described in SAP Note 525751 (https://launchpad.support.sap.com/#/notes/525751)):

    -K tells the SAProuter to start with loading the SNC library

    <Distingushed Name> : you can nd this parameter on the Certication webpage (https://support.sap.com/remote-
    support/saprouter/saprouter-certicates.html) after you click the Apply Now button.

    Example

    saprouter -r -K "p:CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE"

    If you omit -S , the process is being started on default Port 3299.

    Note:

    If the O.S. of SAProuter is OS400, implement SAP Note 1818735


    (https://launchpad.support.sap.com/#/notes/1818735)

    If SAProuter fails to start, also implement SAP Note 684106 (https://launchpad.support.sap.com/#/notes/684106)


    - Microsoft runtime DLLs.

    Follow
    Terms of Use (/en/terms-of-use.html) Privacy (http://go.sap.com/corporate/en/legal/privacy.html) Copyright (http://go.sap.com/corporate/en/legal/copyright.html)
    Legal Disclosure (http://go.sap.com/corporate/en/legal/impressum.html) Trademark (http://go.sap.com/corporate/en/legal/trademark.html) Sub-processors (/en/my-support/subprocessors.html)
    Contact Us (/en/contact-us.html)

    https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 4/4

    You might also like