SAProuter Installation

1. Introduction

The purpose of this document is to set out the process used in the creation of a SAProuter connection to SAP.

2. Installation Process

2.1. Server

A dedicated server (hostname) has been built for the SAProuter). The spec of this server is:

· 2 hyper-threading (HTT) CPUs with 2GHz tact frequency

· 2 GB RAM

· 50 MB free space on the hard drive for SAProuter and configuration

· 20GB D: drive for SAP router & log files

· 64bit server

· OS Windows 2008

Its internal IP address: Host IP

2.2. SAP Registration

In order to have this new SAProuter connection with SAP, registered the following details with SAP.

On approval SAP register the following details in the SAP Marketplace

1.1. SAProuter Software

The following version of the SAProuter software was downloaded from the SAP Marketplace:

· SAProuter 7.20 (patch level 423) for Windows on x64 64bit

We also downloaded the following cryptographic software for the SNC connection

· SAPCRYPTOLIB 5.5.5 (patch level 36) for Windows on x64 64bit

1.1. Setting the environment variable

Once the software has been installed on the server the next step is to set the environment variables SECUDIR and SNC_LIB. These are as follows:

· SECUDIR = D:\usr\sap\sap\saprouter

· SNC_LIB = D:\usr\sap\sap\saprouter\ntintel\sapcrypto.dll

One set reboot the system once you have checked that the terminal services have started.

1.1. Downloading and installing the SAProuter certificate

From the SAP Marketplace download a certificate and then install it on the server. The process for doing this is as follows.

Go to the SAP Marketplace and obtain the “Distinguished Name” for the new SAProuter installation as advised by SAP. For this installation it is:

· CN=HOSTNAME, OU=0000848841, OU=SAProuter, O=SAP, C=DE

Generate the certificate request with the command: sapgenpse get_pse -v -r certreq -p local.pse "" as follows:

· sapgenpse get_pse -v -r certreq -p local.pse "CN=hostname, OU=0000848841, OU=SAProuter, O=SAP, C=DE"

From the directory D:\usr\sap\sap\saprouter\ntintel\, copy the content of the file certreq to the second tab “Create and Enter CSR” in the SAP Marketplace.

SAP will then return the new certificate on selecting “Request Certificate

Copy and paste the text to a new local file named "srcert", which must be created in the same directory as the sapgenpse executable (D:\usr\sap\sap\saprouter\ntintel\)

This certificate needs to be imported into SAProuter.

First of all execute the following command on the /saprouter/ntintel directory:

· sapgenpse import_own_cert -c srcert -p local.pse

Enter PIN: ?????

Now you will have to create the credentials for the SAProuter to do this execute the following command in the /saprouter/ntintel directory.

· sapgenpse seclogin -p local.pse

· Enter PIN: ????? (same as point 9)

This will create a file "cred_v2" in the same directory as local.pse.

To check whether the certificate has been imported correctly execute this command in the /saprouter/ntintel directory.

· sapgenpse get_my_name -v -n Issuer

The successful result will be: Issuer : "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE".

1.1. Installing the SAProuter as an NT Service

Should there be registry changes also detailed here?

Use the following command to newly define the service from the command line:

· sc.exe create SAPRouter binPath= "D:\usr\sap\saprouter\saprouter.exe service -r -W 60000 -R D:\usr\sap\saprouter\saprouttab -K ^p:CN=HOSTNAME, OU=0000848841, OU=SAProuter, O=SAP, C=DE ^" start= auto obj= "NT AUTHORITY\LocalService"

You will receive the following success message: [SC] CreateService SUCCESS