Wednesday 18 September 2013

How to troubleshoot SAP router connectivity issue and renew of the SAP router Certificate

In this example it will shown the steps on how to troubleshoot the SAP router connectivity issue and the way to renew the SAP router certificate.

A) Issue: SAP global support unable to connect into the SAP system.

Steps to verify the SAP router connectivity at the SAP systems level

1) Execute TCODE: SM59 -> "ABAP Connections" -> double click "SAPOSS"

2) Click "Connection Test"

3) Sample error on the SAP router connectivity

B) Steps to check the SAP router validity and how to renew the certificate

Steps to check the SAP router certificate validity

1) Login to the system where the sap router been install with the <SID>adm account
    Execute: sapgense get_my_name -v -n Issuer, sapgenpse get_my_name
    Expired certificate that cause the SAP system connectivity failed.

Steps to renew the SAP router certificate

 1) Login to the SAP support portal -> Maintenance & Services -> SAP Trust Center Services -> SAProuter certificates

2) Click "Apply Now"

3) Ensure the SAP router details been created and click "Continue"

4) Copy the "Distinguished name" to be use for certificate creation process later.

5) Login to the system where the sap router been install with the <SID>adm account
    Backup these files: certreq, cred_v2, local.pse, srcert

6) Stop the SAP router service


7) Execute: sapgenpse get_pse -v -r certreq1 -p local.pse
    Create a new PIN when prompt that will be use later in the certificate creation process
    Paste the distinguished name that copy from the SAP support portal previously

8) Examine that the "certreq1" file that been created. Copy all the contents of the file.

9) Paste the "certreq1" file contents into the SAP portal text box and click "Request Certificate"

10) Again copy all the contents generated from the portal.

11) Paste the copied contents into notepad and save in as "srcert" file in the SAP router folder

12) Install the certificate, execute: sapgenpse.exe import_own_cert -c srcert -p local.pse

13) Create the "cred_v2" file, execute: sapgenpse seclogin -p local.pse with the PIN created earlier (Step 7)

14) Check the newly created certificate and the validity date been updated
       Execute: sapgense get_my_name -v -n Issuer, sapgenpse get_my_name

15) Start the SAP router service

16) Test the connectivity with TCODE: SM59





Posted by at
Labels:

2 comments:

Subscribe to: Post Comments (Atom)