Documente Academic
Documente Profesional
Documente Cultură
(RHEL5)
SAP Router Installation using RHEL 5 and SAP Router for Unix/Linux
1. Install VM + RHEL 5
a. Firewall disabled
b. SELinux is Permissive Mode
2. Login as root user
3. Set network parameters
Host name = SAPROUTER
IP Address (Private) = xxx.xxx.xxx
Subnet Mask= xxx.xxx.xxx
Gateway=xxx.xxx.xxx.xxx
DNS = xxx.xxx.xxx, xxx.xxx.xxx
PUBLIC IP ADDRESS = xxx.xxx.xxx
4. Create folder /usr/sap/saprouter
5. Download the following files and extract to /usr/sap/saprouter
1. SAPCRYPTOLIB_34-10010845.SAR
2. saprouter_4-20002414.sar
6. for sapcrytolib rename the folder linux-x86_64-glibc2.3 to lib
Old folder was /usr/sap/saprouter/linux-x86_64-glibc2.3
new folder will be /usr/sap/saprouter/lib
7. Create the following files on folder /usr/sap/saprouter
7.1 saprouttab
# Example saprouttab
# SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx *
Note: xxx.xxx.xxx means IP Address from SAP
# SNC connection to local system for R/3-Support
# Soluton Manager Server: xxx.xxx.xxx
# Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx *
Note: xxx.xxx.xxx means the local IP Address of your Solution Manager
# SNC connection to local WINDOWS system for WTS, if applicable
# Windows server: xxx.xxx.xxx
# Default WTS port: 3389
PIN: sap123
Display the output /usr/sap/saprouter/lib/"certreq" and copy (including the BEGIN and END statement)
Update Certificate request in SAP Market Place and paste.
In response you will receive the certificate signed by the CA in the Service Marketplace.
Copy & paste the text to a new local file named "srcert", which must be created in the folder
/usr/sap/saprouter/lib
With this in turn you can install the certificate in your saprouter by calling:
/usr/sap/saprouter/lib/sapgenpse import_own_cert -c srcert -p local.pse
PIN: sap123
Now you will have to create the credentials for the SAProuter with the same program (if you omit -O
<user_for_saprouter>, the credentials are created for the logged in user account).
/usr/sap/saprouter/lib>sapgenpse seclogin -p local.pse -O sapadm
Note: The account of the service user should always be entered in full saprouter \sapadm
This will create a file called "cred_v2" in the same directory as "local.pse"
For increased security please check that the file can only be accessed by the user running the SAProuter. Do
not allow any other access (not even from the same group)
Check if the certificate has been imported successfully with the following command:
/usr/sap/saprouter/lib>sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item c. If the output still
does not match please open a customer message in component XX-SER-NET stating the actions you have
taken so far and the output of the commands c.,f.,g. and h.
12. Start the SAP Router by executing the following in the /usr/sap/saprouter directory
./startsaprouter
13. Stop the SAP Router by executing the following command in the /usr/sap/saprouter directory
./stopsaprouter