SAP Router Installation on windows:
Pre-checks: Check with Network/Firewall team 3299 port is open for both outgoing and incoming from server where we going to install saprouter.
Raise a Public IP request for SAP router server.
Once you get the public IP we have raised below OSS message in XX-SER-NET-NEW component to register public IP and hostname
OSS has been raised to SAP, You will get similar response from SAP which has distinguished name
Downloaded below SAPCryptolib file
Downloaded below SAPROUTER file
Create SAPouter and nt-x86_64 folder as specified and extract sapcryptolib in nt-x86_64 and saprouter in saprouter folder
Files in nt-x86_64 folder
Files in saprouter folder
Environment variable created
Execute set command and u will get below result
Request SAP ROUTER Certificate:
Go to the http://service.sap.com/saprouter-sncadd
Copy this distinguished name which is required to execute below commands. Once you copied distinguished name then click on continues.
Click on apply for SAProuter certificate
Distinguished name: CN=SAPROUTER, OU=000xxxxxxx, OU=SAProuter, O=SAP, C=DE
I used below option to generate PSE from OS level instead from Service Market Place
Executed below command from sapgenpse,as per below article
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html
sapgenpse get_pse -v -a sha256WithRsaEncryption -s 2048 -r certreq -p local.pse -x r “CN=SAPROUTER, OU=000xxxxxxx, OU=SAProuter, O=SAP, C=DE”
which generated local pse and certreq file
Local pse and certreq files are generated.
Submitted certreq file content in below path in Sevice Market Place
Below is the response
Srcert file created at sapgenpse path
Now executing below command
sapgenpse import_own_cert -c srcert -p local.pse -x <password>
command is failing
PIN/Passphrase: <password>
Install the certificate
sapgenpse import_own_cert -c srcert -p local.pse -x <pse password>
** There was problem with file extension after removing .txt it got imported successfully
sapgenpse seclogin -p local.pse -x <password> -O <domain>\Administrator
sapgenpse seclogin -p <path>\<psefile> -O <SNC_admin>
sapgenpse get_my_name -v -n Issuer
As per below link
The name of the issuer should be:
CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html
SAP Router service created
sc create SAPRouter binPath=”E:\usr\sap\saprouter\saprouter.exe service -r -R E:\usr\sap\saprouter\saprouttab” start=auto obj=”NT AUTHORITY\LocalService”
As per SAP Note 41054 – Installation of SAProuter as Windows service
SAP Router check:
OSS1 setting
Default screen:
OSS1 setting after change
Finally we are able to create a service with below command
sc create SAPRouter binPath=”E:\usr\sap\saprouter\saprouter.exe service -r -R E:\usr\sap\saprouter\saprouttab -K ^p:CN=SAPROUTER, OU=000xxxxxxx, OU=SAProuter, O=SAP, C=DE^”
https://websmp210.sap-ag.de/saprouter-sncdoc
For testing purpose
We have downloaded the note from snote tool
RTCCTOOL ran properly
Hope this document will help you.
Nice article, was very helpful