Tuesday, July 22, 2014

Configure router for your sap landscape

Downloading necessary software components from SAP Service Marketplace

1.      Login to the SAP Service Marketplace https://websmp210.sap-ag.de/swdc

with the Service Marketplace USERID which is assigned to you during installation and download the SAR file for SAPROUTER that suits your system.

The path for the download is as follows

https://service.sap.com/swdc

-> Download

-> Support Packages and Patches -> Entry by Application Group -> Additional Components
-> SAPROUTER
  
2.      Create a folder dedicated to saprouter in a clean drive (eg: saprouter in d:) and save the downloaded SAPROUTER SAR file and uncar it in the same folder that we have newly created



 Note : You can get the file car.exe/sapcar.exe, You can get the sapcar.exe from service marketplace or your can copy the sapcar.exe from kernel directory.




3.     Download the SAP Cryptographic file from the market place https://service.sap.com/swdc  navigate as below

Support packages and patches
A-Z index
click on S
See the below figure






4.      Copy the Cryptographic file to the saprouter folder in d:
5.      Uncar it in the same folder as per the previous step using sapcar file

Executing the command in command prompt sapcar -xvf SAPCRYPTO.CAR will unpack the following files:

[lib]sapcrypto.[dll|so|sl]

sapgenpse[.exe] ticket 

6). Once the SAPCRYPTO.SAR file is uncard, it will generate the Ntintel and/or nt_x86_64 folder (for windows only) with the following files

[lib]sapcrypto.[dll|so|sl]

sapgenpse[.exe] ticket

7)..Also download the Service connector software and install the same.

On service marketplace navigate to the help and support
maintain a connection
Click on the system as displayed in the list.
click on service connector download.

See the below screencapture




7). As user <snc>adm or router user set the environment variables
SECUDIR = <directory_of_saprouter> as below screenshot
SNC_LIB = <directory_of_saprouter>/nt-x86_64/sapcrypto.dll

To set these variable navigate to 
my computer->Properties->Advanced setting->advanced tab->user varaiable for<sncadm> or sid<adm> as shown below



8.)Open the command prompt as <sid>adm or<snc>adm user than navigate to the ntintel folder and execute the below command to generate the certreq fil.
A certreq file will be generated in ntintel folder after executing the below.



sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"



NOte: The distinguish name can be found from service market place by going to link https://websmp210.sap-ag.de/SAPROUTER-SNCADD

Click on Apply Now you will find distinguish name something like
“CN=(saproutername), OU=0000(customer number) OU=SAProuter O=SAP, C=DE”



see the image below



Now open the file certreq with notepad and copy all the content of that file from begin to end certificate.


9).On the same link from you have got your distinguish name click on continue and paste the content of certreq file                                                                                                                                  

10). Click on Request certificate,You will recieve the certificate signed by CA as shown below.

11).Copy & paste the text to a local file (notepad) name it as srcert from

-------BEGIN CERTIFICATE ----

-------END CERTIFICATE -------

12). Execute the Below command to import the certificate

sapgenpse import_own_cert -c srcert -p local.pse



 13). now you will have to create the credentials for the SAProuter with the same program (if you omit - O <user>, the credentials are created for the logged in user account)

sapgenpse seclogin -p local.pse -O <user_for _saprouter>


This will create a file called cred_v2 in the same directory.

For increased security please check that the file can only be accessed by the user running the SAProuter.

Do not allow any other access (not even from the same group)! On UNIX this will mean permissions being set to 600 or even 400!

On NT check that the permissions are granted only to the user the service is running as!


14). Check if the certificate has been imported correctly

sapgenpse get_my_name -v -n Issuer


If this is not the case, delete the files cred_v2, local.pse and start over at Item 4. If the output still does not match please open a customer message in component XX-SER-NET-OSS stating the actions you have taken so far and the output of the commands 4.,7.,8. and 10



15). You will need to create the SAProuttab file (local notepad file) with the following contents and place it in the saprouter folder: ( eg d:\saprouter ) and not in NTIntel folder

194.39.131.34 – SAP’s router IP

#--------------------------------
##Contents of routtab
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

# SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

P * 194.39.131.34 3299 D * * *
#-----------------

 Start the SAP router with the below command

 saprouter -r -K "Your Distinguish name" as shown below


16).  Now login into R/3 System and goto Tcode- OSS1 as shown below







Note: If the Rfc connection is not OK then double click on SAP-OSS click on logon and security tab provide th password as cpic                                                                                        

****************************Sunil Rajput***************************************









Posted by at

1 comment:

Subscribe to: Post Comments (Atom)