Professional Documents
Culture Documents
Install SAProuter
Install SAProuter
This section describes the necessary steps to download and install the SAP Cryptographic
Library for use with SAProuter. The SAProuter must be started with the options described
later in this section.
For License conditions of SAP Cryptographic Library please refer to SAP note 597059
(https://launchpad.support.sap.com/#/notes/597059). Only for the connection between SAProuters at SAP and the
rst SAProuter on customer sites, certicates signed by a CA provided by SAP are being used. For all other uses of
SAPCRYPTOLIB for SNC in backend connections, customers are free to choose any CA of their preference or simply
use self-signed certicates as proposed by SAP for SNC connections in general.
Download SAProuter
1. Login to the SAP Support Portal with the S-User ID which is assigned to your installation.
2. Use the latest SAProuter version, which can be downloaded from the SAP Software Download Center
(https://launchpad.support.sap.com/#/softwarecenter).
A-Z Alphabetical List of Products > S > SAPROUTER > SAPROUTER (latest versions) > select OS from drop-down >
select saprouter_XXX-XXXXXXXX.sar > Download Basket button
Notes:
3. Download the latest SAP Cryptographic Library from the SAP Software Download Center
(https://launchpad.support.sap.com/#/softwarecenter).
A-Z Alphabetical List of Products > S > SAPCRYPTOLIB > COMMONCRYPTOLIB (latest version) > select OS from
drop-down > select SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR > Download Basket button
4. Download the SAPCAR executable, which is necessary to unpack SAR archives, from any Installation Kernel CD or
from the SAP Software Download Center (https://launchpad.support.sap.com/#/softwarecenter).
A-Z Alphabetical List of Products > S > SAPCAR > SAPCAR (latest version)
>your preferred O.S. version > SAPCAR_xxx-xxxxxxxx.EXE
5. Execute the command SAPCAR_XXX-XXXXXXXX.EXE -xvf saprouter_XXX-XXXXXXXX.sar which will unpack the
following les:
saprouter[.exe]
niping[.exe}]
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
Note:
SAP recommends that you unpack the SAPCRYPTOLIBP, SAPCAR and SAPCRYPTOLIBP les in the designated
SAProuter directory.
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 1/4
7/5/2017 Install SAProuter
Install SAProuter
Create a Certicate Request
UNIX
SECUDIR = <directory_of_SAProuter>
SNC_LIB = <path_to_libsecude>/<name_of_sapcrypto_library>
SECUDIR = <directory_of_SAProuter>
SNC_LIB = <drive>:\<path_to_libsecude>\sapcrypto.dll
Notes:
After conguring the variables in Windows, verify them with the command 'set'. In case the variables are not
displayed as entered, reboot the server.
Example:
4. Display the output le "certreq" and with copy & paste (including the BEGIN and END statement) insert the
certicate request into the text area of the same form on the SAP Service Marketplace from which you copied the
Distinguished Name.
5. In response you will receive the certicate signed by the CA in the Service Marketplace. Copy & paste the text to a
new local le named "srcert", which must be created in the same directory as the sapgenpse executable.
6. With this in turn you can install the certicate in your SAProuter by calling:
7. Now you will have to create the credentials for the SAProuter with the same program (if you omit -O
<user_for_SAProuter>, the credentials are created for the logged in user account):
Notes:
The account of the service user should always be entered in full <domainname>\<username>
For increased security, check that the le can only be accessed by the user running SAProuter
On UNIX, do not allow any other access (not even from the same group) as this will mean permissions being set to
600 or even 400
On Windows check that the permissions are granted only to the user the service is running as
9. Check if the certicate has been imported successfully with the following command:
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 2/4
7/5/2017 Install SAProuter
CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
Install SAProuter 10. If this is not the case, delete the les "cred_v2", "local.pse", "srcert" and "certreq" and start over at item 3. If the
output still does not match, open an incident using component XX-SER-NET stating the actions you have taken so far
and the output of the commands 3.,6.,7. and 9.
Check if the environment of the account running SAProuter contains the environment variables SNC_LIB and
SECUDIR
UNIX - printenv
The corresponding le saprouttab, a local le that must be created manually and is normally created in the main
SAProuter-directory, must contain at least the following entries :
# R/3 Instance: 00
D***
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 3/4
7/5/2017 Install SAProuter
# SNC connection to local system for R/3-Support
Install SAProuter # R/3 Server: 192.168.1.
# R/3 Instance: 00
D***
Start the SAProuter with the following command line (to start the SAProuter as a Windows service, follow the steps
described in SAP Note 525751 (https://launchpad.support.sap.com/#/notes/525751)):
<Distingushed Name> : you can nd this parameter on the Certication webpage (https://support.sap.com/remote-
support/saprouter/saprouter-certicates.html) after you click the Apply Now button.
Example
Note:
Follow
Terms of Use (/en/terms-of-use.html) Privacy (http://go.sap.com/corporate/en/legal/privacy.html) Copyright (http://go.sap.com/corporate/en/legal/copyright.html)
Legal Disclosure (http://go.sap.com/corporate/en/legal/impressum.html) Trademark (http://go.sap.com/corporate/en/legal/trademark.html) Sub-processors (/en/my-support/subprocessors.html)
Contact Us (/en/contact-us.html)
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html 4/4