Install SAP Router in Linux
Prerequisites
1. Root user access on the OS.
2. Login access for an S-user (SAP Portal).
3. The server host name and server IP must be assigned in your SAP Portal for the SAP Router.
4. Your distinguished name (find it in the SAP Portal under SAP Router certificate, or with the command: sapgenpse get_my_name)
5. Open port 3299 for SAP Router and gateway ports 3399, 3389.
Solutions
Step 1.
1. Log in to the SAP Support Portal with the S-user ID and download the latest versions of the files:
Files: SAPCRYPTOLIBP_8506-20011697.SAR, SAPROUTER_34-70000854.sar
Path: Support Packages & Patches > A-Z Alphabetical List of Products > S > SAPCRYPTOLIB.SAR > SAPROUTER.SAR
2. Log in to the server as the “Root” user.
3. Create a folder named Saprouter under “/usr/sap/” and move the downloaded files into the newly created folder (/usr/sap/Saprouter).
4. Give the Saprouter folder 775 permissions (chmod -R 775 /usr/sap/Saprouter).
5. Extract both files, “Saprouter and Sapcryptolib”, with the “SAPCAR” tool.
Step 2.
1. Generate the certificate request using the following command:
(Note: the distinguished name should be available; for the PIN you can enter 1234)
./sapgenpse get_pse -v -r certreq -p loc
Got absolute PSE path "/usr/sap/saprouter/local.pse".
Please enter PIN: ****
Please reenter PIN: ****
Supplied distinguished name: "CN=HOST Name, OU=Customer Number, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
Generating key (RSA, 2048-bits) ... succeeded.
certificate creation...ok
PSE update...ok
PKRoot... ok
Generating certificate request... ok.
2. Once the request is created, the file certreq exists. Open the certreq file in display mode
(command: cat certreq)
Copy the whole request text, from the -----BEGIN CERTIFICATE REQUEST----- line to the -----END CERTIFICATE REQUEST----- line.
Then log in to the Service Marketplace at http://www.service.sap.com/saproutersnc and choose Apply Certificate. This opens the request form.
Select Continue.
Paste the contents of the certreq file generated above, then select “Request Certificate”.
Copy the details of the new certificate generated, then create a text file named srcert (touch srcert) and paste it into the new file srcert in the
3. Importing the Certificate & Creating Credential:
./sapgenpse import_own_cert -c srcert -p loc.pse
Please enter PIN: ****
CA-Response successfully imported into PSE "/usr/sap/saprouter/loc.pse"
4. Creating the credential for the user responsible for starting SAP Router:
./sapgenpse seclogin -p local.pse -O root
running seclogin with USER="root"
creating credentials for secondary user "root" ...
Please enter PIN: ****
Added SSO-credentials (#0) for PSE "/usr/sap/saprouter/loc.pse"
"CN=Host name, OU=Customer Number, OU=SAProuter, O=SAP, C=DE"
5. Verifying the Configuration:
./sapgenpse get_my_name -v -n Issuer
Opening PSE "/usr/sap/saprouter/loc.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "root" with PSE file "/usr/sap/saprouter/loc.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP Trust Community II, C=DE
6. Checking the certificate validity:
./sapgenpse get_my_name -n validity
SSO for USER "root"
with PSE file "/usr/sap/saprouter/loc.pse"
Validity - NotBefore: Thu Jul 14 12:57:44 2016 (160714095744Z)
NotAfter: Fri Jul 14 12:57:44 2017 (170714095744Z)
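The validity output above shows a certificate that lasts one year, so the NotAfter date is worth checking on a schedule. The following added example (not part of the original guide) parses the (YYMMDDhhmmssZ) stamp from that output and prints the days remaining; the function names and the sample text are constructed here.

```shell
#!/bin/sh
# Added example: days left on the SAProuter certificate, computed from the
# "(YYMMDDhhmmssZ)" stamp that `sapgenpse get_my_name -n validity` prints.

# Constructed sample, modelled on the validity output shown in this guide.
SAMPLE='Validity  -  NotBefore:   Thu Jul 14 12:57:44 2016 (160714095744Z)
              NotAfter:   Fri Jul 14 12:57:44 2017 (170714095744Z)'

# Two-digit field of a digit string as decimal ("08" must not parse as octal).
field() { echo $(( 1$(printf '%s' "$1" | cut -c"$2") - 100 )); }

# Convert YYMMDDhhmmss (UTC) to Unix epoch seconds with integer arithmetic only.
utctime_to_epoch() {
    y=$(field "$1" 1-2); m=$(field "$1" 3-4); d=$(field "$1" 5-6)
    H=$(field "$1" 7-8); M=$(field "$1" 9-10); S=$(field "$1" 11-12)
    # X.509 UTCTime: years 50-99 are 19xx, 00-49 are 20xx.
    if [ "$y" -ge 50 ]; then y=$((1900 + y)); else y=$((2000 + y)); fi
    # Days since 1970-01-01, counting years from March so leap days fall last.
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    mp=$(( (m + 9) % 12 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( (era * 146097 + doe - 719468) * 86400 + H * 3600 + M * 60 + S ))
}

# Read validity output on stdin; $1 = current epoch (date +%s).
# Prints whole days left. Returns 0 = valid, 1 = expired, 2 = no NotAfter found.
pse_days_left() {
    stamp=$(sed -n 's/.*NotAfter:[^(]*(\([0-9]\{12\}\)Z).*/\1/p' | head -n 1)
    [ -n "$stamp" ] || return 2
    exp=$(utctime_to_epoch "$stamp")
    echo $(( (exp - $1) / 86400 ))
    [ "$exp" -gt "$1" ] || return 1
}

# Demo with a pinned "now" (30 days before NotAfter) so the result is repeatable.
# In a cron job: ./sapgenpse get_my_name -n validity | pse_days_left "$(date +%s)"
printf '%s\n' "$SAMPLE" | pse_days_left 1497434264
```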
Step 3.
1. Set the environment variables as the root user
export SECUDIR=/usr/sap/saprouter
export SNC_LIB=/usr/sap/saprouter/libsapcrypto.so
To display an environment variable: echo $SECUDIR
To make the settings permanent, add them to the file .profile or .bashrc
2. SAPROUTTAB Entry
Create the saprouttab text file (touch saprouttab)
vi saprouttab
sapserv2 (194.39.131.34): Connection via Internet SNC
3. Start SAP Router in Linux
From the /usr/sap/saprouter directory, enter the command:
./saprouter -r -V 2 -K "p:CN=HOSTNAME, OU=CUSTOMER Number, OU=SAProuter, O=SAP, C=DE"
Note: check that the spacing within the distinguished name is correct
Note: Don’t close the terminal after starting SAP Router
4. Stop SAP Router
From the /usr/sap/saprouter directory, enter the command:
./saprouter -s
If you face any issue, check the dev_rout file
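For the SAPROUTTAB step, an added example (not from the original guide or from SAP) that checks a route table for permit lines broader than the sapserv2 connection needs. It assumes the standard saprouttab line layout (type, source, destination host, destination port, optional password); the sample entries, including the placeholder internal host 192.0.2.10 and port 3200, are constructed.

```shell
#!/bin/sh
# Added example: report saprouttab permit lines that are broader than needed.

# Constructed sample. 192.0.2.10 and 3200 are placeholders for an internal
# SAP system; the "P * * *" line is the kind of entry the check reports.
SAMPLE_TAB='# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.0.2.10 3200
P * * *
D * * *'

# Reads a saprouttab on stdin and prints one finding per offending line.
# Returns 1 if anything was reported, 0 otherwise.
lint_saprouttab() {
    # Drop comments, then collapse the quoted SNC name into a single token so
    # that awk sees: <type> <source> <dest-host> <dest-port> [password].
    sed -e 's/#.*//' -e 's/"[^"]*"/SNCNAME/' |
    awk '
        $1 ~ /^(P|S|KP|KS)$/ {
            if ($3 == "*" && $4 == "*") {
                printf "line %d: %s permits every destination host and port\n", NR, $1
                found++
            } else if ($1 !~ /^K/ && $2 == "*" && $5 == "") {
                printf "line %d: %s accepts any source host without SNC or password\n", NR, $1
                found++
            }
        }
        END { exit (found > 0) }'
}

# Demo on the constructed sample: reports line 4.
printf '%s\n' "$SAMPLE_TAB" | lint_saprouttab || echo "saprouttab needs review"
```

Only explicit wildcards are reported; run it against the real file with: lint_saprouttab < /usr/sap/saprouter/saprouttab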
Shell Script for background job In linux.
#!/bin/bash
### Variables ###
porta="3299"
SECUDIR="/usr/sap/saprouter"
SNC_LIB="/usr/sap/saprouter/libsapcrypto.so"
DNAME="p:CN=server, OU=0001000000, OU=SAProuter, O=SAP, C=DE"
### Variables end ###

### Check if saprouter is already running (PID of the listener on $porta):
pid1="$(netstat -nlp | grep '0.0.0.0:'"$porta"'.*saprouter' | sed -n 1p | awk '{print $7}' | cut -f1 -d "/")"
if [ -z "$pid1" ]
then # Not running.
    ### Check if the port is free:
    echo -e "\nChecking port..."
    processo="$(netstat -nlp | grep "0.0.0.0:$porta" | sed -n 1p | awk '{print $7}' | cut -f1 -d "/")"
    sleep 2
    # If the port is free:
    if [ -z "$processo" ]
    then
        echo -e "\nStarting SAPRouter on port: $porta"
        sleep 2
        export SECUDIR
        export SNC_LIB
        /usr/sap/saprouter/saprouter -r -R "$SECUDIR/saprouttab" -W 60000 -G "$SECUDIR/saprouterlog.txt" -S "$porta" -K "$DNAME" &
        pid=$!   # PID of the saprouter process just started in the background
        echo -e "\n\nSAPRouter is running on PID: $pid"
        echo -e "\n"
        exit 0
    # If the port is not free:
    else
        echo -e '-------------------------------------------------------\n'
        echo -e ' It is not possible to start SAPRouter\n'
        echo -e " The PID: $processo is already using the port: $porta"
        echo -e '-------------------------------------------------------\n'
        exit 1
    fi
###################
else # It's already running.
    echo -e "\nSAPRouter is already running"
    # Reuse the listener PID found above; grepping ps output could match the grep itself.
    echo -e "\nPID: $pid1"
    echo -e "\n"
    sleep 2
fi