How to Renew The sap router License and Certificate??
You need to remove the old generated files(certreq, cred_v2, local.pse, srcert) from directory xx\usr\sap\saprouter.
from previous certificate request. To do this you can either
rename these files or create a new folder and move these files into it.
Login to the portal and apply the router certificate
https://websmp204.sap-ag.de/saprouter-sncadd
https://support.sap.com/remote-support/saprouter/saprouter-certificates.html
run below commnat to your saprouter system and generate certificate request file.
Router path:XX:\usr\sap\saprouter
sapgenpse get_pse -v -r certreq -p local.pse "CN=SAPROUTER, OU=00971xxxxxxx6(My Whatsaap), OU=SAProuter, O=SAP, C=DE"
you will be asked to enter password for security enter your password
======================================================================
C:\usr\sap\saprouter>sapgenpse get_pse -v -r certreq -p local.pse "CN=SAPROUTER
, OU=xxxxxxx(My Whatsaap), OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "C:\usr\sap\saprouter\local.pse".
Please enter PSE PIN/Passphrase: *********
Please reenter PSE PIN/Passphrase: *********
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
Supplied distinguished name: "CN=SAPROUTER, OU=009715xxxxxx(My Whatsaap), OU=SAProuter, O=SAP,
C=DE"
Creating PSE with format v2 (default)
succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
Two file will be created local.pse and certreq.
Open certreq file and copy past to SMP certificate request colum and proceed next then it be will generated your certificate.
Copy your certificate key to scert file and import to local.pse using the following command
===========================================================================================
C:\usr\sap\saprouter>sapgenpse import_own_cert -c C:\usr\sap\saprouter\srcert -p
C:\usr\sap\saprouter\local.pse
Please enter PSE PIN/Passphrase: *********
CA-Response successfully imported into PSE "C:\usr\sap\saprouter\local.pse"
Now you have to create the credentials for the SAProuter with the same program.
This will create a file called “cred_v2″ in the same directory as “local.pse”
use the below command to run this
=================================================================================
C:\usr\sap\saprouter>sapgenpse seclogin -p C:\usr\sap\saprouter\local.pse -O sap
routeradmin
running seclogin with USER="SAPRouterAdmin"
creating credentials for user "SAPROUTER\SAPRouterAdmin" (yourself)...
Please enter PSE PIN/Passphrase: *********
Adjusting credentials and PSE ACLs to include "SAPROUTER\SAPRouterAdmin"...
Oh, you supplied your own name explicitly ... ok.
C:\usr\sap\saprouter\cred_v2 ... ok.
C:\usr\sap\saprouter\local.pse ... ok.
Added SSO-credentials for PSE "C:\usr\sap\saprouter\local.pse"
To check if the certificate has been imported successfully, run the following command
================================================================================
sapgenpse get_my_name -v -n Issuer
C:\usr\sap\saprouter>sapgenpse get_my_name -v -n Issuer
Opening PSE "C:\usr\sap\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "SAPRouterAdmin"
with PSE file "C:\usr\sap\saprouter\local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
By executing follwing command you can see the renewed license validity
=========================================================================
sapgenpse get_my_name -v -n validity
C:\usr\sap\saprouter>sapgenpse get_my_name -v -n validity
Opening PSE "C:\usr\sap\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "SAPRouterAdmin"
with PSE file "C:\usr\sap\saprouter\local.pse"
Validity - NotBefore: Sat Jun 25 09:52:11 2016 (160625055211Z)
NotAfter : Sun Jun 25 09:52:11 2017 (170625055211Z)
Thanks
Yoonus
You need to remove the old generated files(certreq, cred_v2, local.pse, srcert) from directory xx\usr\sap\saprouter.
from previous certificate request. To do this you can either
rename these files or create a new folder and move these files into it.
Login to the portal and apply the router certificate
https://websmp204.sap-ag.de/saprouter-sncadd
https://support.sap.com/remote-support/saprouter/saprouter-certificates.html
run below commnat to your saprouter system and generate certificate request file.
Router path:XX:\usr\sap\saprouter
sapgenpse get_pse -v -r certreq -p local.pse "CN=SAPROUTER, OU=00971xxxxxxx6(My Whatsaap), OU=SAProuter, O=SAP, C=DE"
you will be asked to enter password for security enter your password
======================================================================
C:\usr\sap\saprouter>sapgenpse get_pse -v -r certreq -p local.pse "CN=SAPROUTER
, OU=xxxxxxx(My Whatsaap), OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "C:\usr\sap\saprouter\local.pse".
Please enter PSE PIN/Passphrase: *********
Please reenter PSE PIN/Passphrase: *********
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
Supplied distinguished name: "CN=SAPROUTER, OU=009715xxxxxx(My Whatsaap), OU=SAProuter, O=SAP,
C=DE"
Creating PSE with format v2 (default)
succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
Two file will be created local.pse and certreq.
Open certreq file and copy past to SMP certificate request colum and proceed next then it be will generated your certificate.
Copy your certificate key to scert file and import to local.pse using the following command
===========================================================================================
C:\usr\sap\saprouter>sapgenpse import_own_cert -c C:\usr\sap\saprouter\srcert -p
C:\usr\sap\saprouter\local.pse
Please enter PSE PIN/Passphrase: *********
CA-Response successfully imported into PSE "C:\usr\sap\saprouter\local.pse"
Now you have to create the credentials for the SAProuter with the same program.
This will create a file called “cred_v2″ in the same directory as “local.pse”
use the below command to run this
=================================================================================
C:\usr\sap\saprouter>sapgenpse seclogin -p C:\usr\sap\saprouter\local.pse -O sap
routeradmin
running seclogin with USER="SAPRouterAdmin"
creating credentials for user "SAPROUTER\SAPRouterAdmin" (yourself)...
Please enter PSE PIN/Passphrase: *********
Adjusting credentials and PSE ACLs to include "SAPROUTER\SAPRouterAdmin"...
Oh, you supplied your own name explicitly ... ok.
C:\usr\sap\saprouter\cred_v2 ... ok.
C:\usr\sap\saprouter\local.pse ... ok.
Added SSO-credentials for PSE "C:\usr\sap\saprouter\local.pse"
To check if the certificate has been imported successfully, run the following command
================================================================================
sapgenpse get_my_name -v -n Issuer
C:\usr\sap\saprouter>sapgenpse get_my_name -v -n Issuer
Opening PSE "C:\usr\sap\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "SAPRouterAdmin"
with PSE file "C:\usr\sap\saprouter\local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
By executing follwing command you can see the renewed license validity
=========================================================================
sapgenpse get_my_name -v -n validity
C:\usr\sap\saprouter>sapgenpse get_my_name -v -n validity
Opening PSE "C:\usr\sap\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "SAPRouterAdmin"
with PSE file "C:\usr\sap\saprouter\local.pse"
Validity - NotBefore: Sat Jun 25 09:52:11 2016 (160625055211Z)
NotAfter : Sun Jun 25 09:52:11 2017 (170625055211Z)
Thanks
Yoonus
