Downloading necessary software components from SAP Service Marketplace

1. Login to the SAP Service Marketplace with the Service Marketplace at using the USERID/PASSWORD which was assigned for your installation. 2. Change the alias to www.service.sap.com/swdc to downloaded the SAP cryptographic software. Select the correct SAPcrptographic software depending on your saprouter operating system as shown below.

3. You must have the sapcar.exe in order to extract the SAP cryptographic software file. 4. With the command of sapcar -xvf xxxxxxx.sar, /ntintel directory would be created and the following files would be extracted. (Example C:/saprouter/ntintel) ( when the Microsoft Windows NT Intel version is downloaded) C:/saprouter/ntintel/sapcrypto.dll C:/saprouter/ntintel/sapgenpse.exe

C:/saprouter/ticket

Issue of Electronic Certificate

5. It is necessary to define the environment variable for SECUDIR and SNC_LIB under system account. Window NT environment variable setup : Right-clicked the icon of you computer Property -> details -> environment variable SECUDIR = < Directory name > Example. Variable name : SECUDIR Variable value : C:/saprouter/ SNC_LIB = < Directory name > Example. Variable name : SNC_LIB
Variable value : C:/saprouter/ntintel/sapcrypto.dll

UNIX

<path_to_libsecude>/<name_of_sapcrypto_library>

Windows <drive>:/<path_to_libsecude>/<name_of_sapcrypto_library> NT, Windows 2000

6. Check if the environment of the user running saprouter contains the environment variable SNC_LIB. UNIX Windows NT Printenv System environment Variable

7. You may now apply for a SAProuter certificate from the SAP Trust Center Service of SAP service marketplace http://service.sap.com/tcs > SAP Trust Center Service in Detail > SAProuter Certificates

SAProuter Certificate "Apply Now" Click the button.

8. Please take note of your "Distinguished Name"

Please refer to the example above -SAPRouter Name -Distinguished Name : JPL50020586 :

CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE

Then, clicked the "Continue" button.

9. Execute the following command in the /saprouter/ntintel directory in order to generate your certificate to be exchanged with SAP. sapgenpse get_pse -v -r certreq -p local.pse "Distinguished Name"

Example sapgenpse get_pse v -r certreq -p local.pse "CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE"
Enter the PIN number. (you may enter any PIN Number you wish.)

Please enter PIN : Please re-enter PIN :

<- you must use the same PIN Number as the above.

10. The "certreq" file is created in the /saprouter/ntintel directory. 11. Use a notepad to open the "certreq" file and copy the displayed information (From the -BEGIN .to the END -) 12. You now have to paste the above copy content into the space provided shown below. After you have pasted the text, click the Request certificate button to submit your request.

13. Once you click on the Request Certificate a new screen will be displaying your certificate issued by SAP CA (Certification Authority). 14. Using a notepad to copy the content (From Being to -END) and save it as srcert into /saprouter/ntintel/srcert. * Note : - Please rename srcert.txt into srcert without any extension. 15. You then need to import this certificate into SAProuter using the following command. Please run on /saprouter/ntintel directory. sapgenpse import_own_cert -c srcert -p local.pse Please enter PIN : (same as point 9)

16.

Execute the following command in the /saprouter/ntintel directory.

sapgenpse seclogin -p local.pse Please enter PIN : (same as point 9)

This will create a file "cred_v2" in the same directory.

17.

Please check whether the certificate has been imported correctly.

Execute this command in /saprouter/ntintel directory. sapgenpse get_my_name -v -n Issuer The result should be "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE". 18. When the above results are not obtained , please delete local.pse and cred_v2 and work again from steps 9. Please seek the assistance from your local SAP helpdesk or create an OSS message via component XX-SER-NET-OSS, if you are not able to obtain the above-mentioned result after you have repeated the above steps.

Route permission table (saprouttab)

19. The corresponding file ./saprouttab should contain at least the following entries. Example : by SNC connection, when connecting to sapserv2 (194.39.131.34) the following entries need to be indicated by saprouttab.,
# SNC-connection to SAP KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 * # SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance> # SNC-connection from SAP to local R/3-System for pcANYWHERE, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 5631

# SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503 # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23 # Access from the local Network to SAPNet - R/3 Frontend (OSS) P <IP-addess of a local PC> 194.39.131.34 3299 # deny all other connections D***

Start the SAProuter with the following command. Saprouter -r -S <port> -K "p: <Your Distingiushed Name>" -K tells the saprouter to start with loading the SNC library. Example: saprouter -r -S 3299 K "p:CN=JPL50020586, OU=0000036946, OU=SAProuter, O=SAP, C=DE"

Additional Note -You may refer to SAP note: 30289 in the SAP service marketplace for
detail information with regards to SAProuter http://www.service.sap.com/note