AN ONE STOP GUIDE TO
CONFIGURE SNC SAPROUTER
Joy V.Ramachandran
Consultant SAP BASIS
IVL India Pvt Ltd
Technopark , Trivandrum
Kerala India
joy.rama@sapgenie.com ; joy_rama@msn.com
Contents
SAP SNC CONFIGURATION
DOWNLOADING CRYPTOGRAPHIC SOFTWARE
CREATING THE KEY
TRANSMITTING THE KEY
CREATING THE CERTIFICATE
IMPORTING CERTIFICATE
START SNC SAP ROUTER
In Unix
In windows
SAPROUTTAB ENTRIES
Example
DEBUGGING
Check whether certificate is installed correctly
CHECK THE ENVIRONMENT VARIABLES
UNIX
WINDOWS
SAP SNC CONFIGURATION
DOWNLOADING CRYPTOGRAPHIC SOFTWARE
Download the cryptographic software from the SAP Service Marketplace at
www.service.sap.com/tcs.
Extract the cryptographic libraries, sapgenpse and the ticket files into the directory
where saprouter.exe is located, using
# SAPCAR -xvf <cryptographic car file>
CREATING THE KEY
Next, go to www.service.sap.com/tcp and get the distinguished name. Then execute the
following command, pasting in the distinguished name.
/* "CN" and "OU" in the distinguished name will be different for different organizations */
# ./sapgenpse get_pse -v -r certreq -p local.pse "CN=yourhostname, OU=123456, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/C11/SYS/exe/run/local.pse".
Please enter PIN:<press enter>
Please reenter PIN:<press enter>
Supplied distinguished name: "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE "
Generating key (RSA, 1024-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
TRANSMITTING THE KEY
This generates a key (the certificate request) in the file "certreq". The next step is to
copy this key to www.service.sap.com/tcp against your SAProuter registration. The
-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines
must be copied as well.
# cat certreq
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Copy the above key and paste it on that page.
After copying, click on the "Request Certificate" button.
The next screen will display the certificate. Copy and paste the generated certificate into
a new file named 'srcert' in the same location as your saprouter.
N.B. Do not forget to copy the BEGIN and END tags too.
CREATING THE CERTIFICATE
Windows users can use Notepad; UNIX users can use the vi editor.
vi srcert <paste> <ESC><SHIFT> : x
# vi srcert
-----BEGIN CERTIFICATE-----
<----------- LINES DELETED ----------->
-----END CERTIFICATE-----
<ESC><SHIFT> : x
IMPORTING CERTIFICATE
The next step is to import this certificate using the command below.
# ./sapgenpse import_own_cert -c srcert -p local.pse
CA-Response successfully imported into PSE "/usr/sap/MPS/SYS/exe/run/local.pse"
SETTING SECURED LOGIN TO SAPROUTER
Now specify the user who is allowed secure login to the PSE.
(Use <sid>adm if you want to start saprouter with the SAP admin user. If you omit -O
<user>, the credentials are created for the logged-in user account that is running the
command below.)
# ./sapgenpse seclogin -p local.pse -O saprouterUser
running seclogin with USER="saprouterUser"
creating credentials for yourself (USER="saprouterUser")...
Added SSO-credentials for PSE "/usr/sap/C11/SYS/exe/run/local.pse"
"CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
N.B. Check that a file named cred_v2 is created in the same directory.
START SNC SAP ROUTER
In Unix
In UNIX, use the syntax below to start saprouter using SNC
# nohup ./saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE" &
In windows
In Windows, use the syntax below
<Drive>:\SNC-SaprouterDirectory\saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
N.B. The -K option tells saprouter to load the SNC cryptographic library too.
SAPROUTTAB ENTRIES
For an SNC saprouter, the entries are not the same as for a non-SNC saprouter.
./saprouttab should contain at least the following entries
# inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
# repeat this for the servers and port_numbers you will need to allow,
# please make sure that all explicit ports are inserted in front of a
# generic entry '*' for port_number
# outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
# permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
# all other connections will be denied
D * * *
Example:
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34),
the saprouttab should contain the following entries:
# SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
# SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
# SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
# Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-address of a local PC> 194.39.131.34 3299
# deny all other connections
D * * *
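The ordering and default-deny rules stated in the saprouttab comments above can be checked mechanically before the router is started. The following Python audit is an added example, not part of the original guide or of SAP's tooling; the sample tables, the host name r3host, the address 10.0.0.5 and the finding names are constructed, and treating a missing port field as '*' is an assumption.

```python
import shlex

KNOWN = {"P", "S", "D", "KP", "KS", "KD", "KT"}

# Constructed table following the guide's example (placeholders filled in).
GOOD = '''\
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host 1503
P 10.0.0.5 194.39.131.34 3299
D * * *
'''

# Constructed table with three mistakes the guide's comments warn about.
BAD = '''\
# SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# generic port placed in front of an explicit one
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host 3200
# plain (non-SNC) permission open to any source
P * r3host 3200
'''


def parse(text):
    """Return [(line_no, kind, fields)] for every non-comment entry."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)  # keeps the quoted SNC name as one field
        rules.append((n, tok[0].upper(), tok[1:]))
    return rules


def audit(text):
    """Return [(line_no, finding)]; line 0 marks a whole-file finding."""
    findings = []
    rules = parse(text)
    generic = {}  # (kind, source-or-SNC-name, dest) -> line of its '*' port entry
    for n, kind, f in rules:
        if kind not in KNOWN:
            findings.append((n, "unknown-entry"))
            continue
        if len(f) < 2:
            findings.append((n, "too-few-fields"))
            continue
        who, dest = f[0], f[1]
        port = f[2] if len(f) > 2 else "*"  # assumption: no port means any port
        # K-entries must name the SNC peer in the p:<DN> form used in the guide.
        if kind.startswith("K") and not who.startswith("p:"):
            findings.append((n, "snc-name-not-p-form"))
        # "inbound connections MUST use SNC": a plain P/S entry for any
        # source admits connections without SNC.
        if kind in ("P", "S") and who == "*":
            findings.append((n, "non-snc-wildcard-source"))
        # "explicit ports are inserted in front of a generic entry '*'"
        key = (kind, who, dest)
        if port == "*":
            generic.setdefault(key, n)
        elif key in generic:
            findings.append((n, "explicit-port-after-generic"))
    # "all other connections will be denied": the table must end in D * * *
    if not rules or rules[-1][1] != "D" or rules[-1][2][:3] != ["*", "*", "*"]:
        findings.append((0, "missing-final-deny"))
    return findings


if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table))
```
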
DEBUGGING
Check whether certificate is installed correctly
# ./sapgenpse get_my_name -v -n issuer
Opening PSE "/usr/sap/C11/SYS/exe/run/local.pse"...
PSE open ok.
ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "UserID"
with PSE file "/usr/sap/C11/SYS/exe/run/local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
If any errors are found in the above, you can do all the steps once again. But make sure
that cred_v2 and local.pse are deleted first. If you want to create the key once again,
delete the certreq file too before doing so.
CHECK THE ENVIRONMENT VARIABLES
Make sure the following entries are present in the .login (dot login) script of the SNC
saprouter user. ONLY THE BOLD AREAS
UNIX
set path = ( /usr/bin /etc /usr/sbin /usr/ucb $HOME/bin /usr/bin/C11 /sbin /usr/SNC-saprouter/snc_library /usr/lib . )
setenv MAIL "/var/spool/mail/$LOGNAME"
setenv SECUDIR "/usr/SNC-saprouter"
setenv SNC_LIB "/usr/SNC-Saprouter/snc_library/libsapcrypto.o"
setenv LIBPATH "/usr/lib:/lib:/usr/sap/C11/SYS/exe/run:/oracle/C11/92_64/lib:/usr/SNC-saprouter/snc_library"
WINDOWS
For Windows, create PATH, SECUDIR, SNC_LIB and LIBPATH in the environment
settings area.

More Related Content

What's hot

Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...IT Tech
 
Using SQL to process hierarchies
Using SQL to process hierarchiesUsing SQL to process hierarchies
Using SQL to process hierarchiesConnor McDonald
 
NSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsNSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsMichael Medin
 
New text document (2)
New text document (2)New text document (2)
New text document (2)Furqaan Aan
 
Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode  Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode Saroj Sahu
 
Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!shira koper
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalMaytal Levi
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13Vanda KANY
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7VCP Muthukrishna
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7VCP Muthukrishna
 
Hp Linux
Hp LinuxHp Linux
Hp Linuxtelab
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuVCP Muthukrishna
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Capital onehadoopclass
Capital onehadoopclassCapital onehadoopclass
Capital onehadoopclassDoug Chang
 

What's hot (20)

Ipsec
IpsecIpsec
Ipsec
 
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
 
Using SQL to process hierarchies
Using SQL to process hierarchiesUsing SQL to process hierarchies
Using SQL to process hierarchies
 
NSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsNSClient Workshop: 04 Protocols
NSClient Workshop: 04 Protocols
 
New text document (2)
New text document (2)New text document (2)
New text document (2)
 
Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode  Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode
 
Crack.ba
Crack.baCrack.ba
Crack.ba
 
Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices final
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7
 
Hp Linux
Hp LinuxHp Linux
Hp Linux
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with Raccoon
 
Gns3moi
Gns3moiGns3moi
Gns3moi
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on Ubuntu
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentation
 
Capital onehadoopclass
Capital onehadoopclassCapital onehadoopclass
Capital onehadoopclass
 

Similar to Sap snc configuration

How to install squid proxy on server or how to install squid proxy on centos o
How to install squid proxy on server  or how to install squid proxy on centos oHow to install squid proxy on server  or how to install squid proxy on centos o
How to install squid proxy on server or how to install squid proxy on centos oProxiesforrent
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stackEric Ahn
 
Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016StackIQ
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Most important "trick" of performance instrumentation
Most important "trick" of performance instrumentationMost important "trick" of performance instrumentation
Most important "trick" of performance instrumentationCary Millsap
 
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoPostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoMark Wong
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7VCP Muthukrishna
 
Ascs virtual
Ascs virtualAscs virtual
Ascs virtualwistwiser
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixDiana Tkachenko
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedBrendan Gregg
 
計算機性能の限界点とその考え方
計算機性能の限界点とその考え方計算機性能の限界点とその考え方
計算機性能の限界点とその考え方Naoto MATSUMOTO
 
Wait Events 10g
Wait Events 10gWait Events 10g
Wait Events 10gsagai
 
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackIQ
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasPostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasJim Mlodgenski
 

Similar to Sap snc configuration (20)

Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
 
How to install squid proxy on server or how to install squid proxy on centos o
How to install squid proxy on server  or how to install squid proxy on centos oHow to install squid proxy on server  or how to install squid proxy on centos o
How to install squid proxy on server or how to install squid proxy on centos o
 
Operation outbreak
Operation outbreakOperation outbreak
Operation outbreak
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
 
Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 
Most important "trick" of performance instrumentation
Most important "trick" of performance instrumentationMost important "trick" of performance instrumentation
Most important "trick" of performance instrumentation
 
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoPostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7
 
Ascs virtual
Ascs virtualAscs virtual
Ascs virtual
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting Started
 
計算機性能の限界点とその考え方
計算機性能の限界点とその考え方計算機性能の限界点とその考え方
計算機性能の限界点とその考え方
 
Wait Events 10g
Wait Events 10gWait Events 10g
Wait Events 10g
 
Stacki - The1600+ Server Journey
Stacki - The1600+ Server JourneyStacki - The1600+ Server Journey
Stacki - The1600+ Server Journey
 
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasPostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
 

Recently uploaded

Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 

Sap snc configuration

  • 1. AN ONE STOP GUIDE TO CONFIGURE SNC SAPROUTER Joy V.Ramachandran Consultant SAP BASIS IVL India Pvt Ltd Technopark , Trivandrum Kerala India joy.rama@sapgenie.com ; joy_rama@msn.com
  • 2. Contents SAP SNC CONFIGURATION........................................................................................ 3 DOWNLOADING CRYPTOGRAPHIC SOFTWARE............................................ 3 CREATING THE KEY.................................................................................................... 4 TRANSMITTING THE KEY.......................................................................................... 4 CREATING THE CERTIFICATE................................................................................. 6 IMPORTING CERTIFICATE........................................................................................ 6 START SNC SAP ROUTER ........................................................................................... 7 In Unix............................................................................................................................ 7 In windows..................................................................................................................... 7 SAPROUTTAB ENTRIES............................................................................................... 8 Example: ......................................................................................................................... 8 DEBUGGING.................................................................................................................... 9 Check whether certificate is installed correctly.............................................................. 9 CHECK THE ENVIRONMENT VARIABLES ........................................................ 9 UNIX........................................................................................................................... 9 WINDOWS................................................................................................................. 9
  • 3. SAP SNC CONFIGURATION
    DOWNLOADING CRYPTOGRAPHIC SOFTWARE
    Download the cryptographic software from the Service Marketplace at www.service.sap.com/tcs. Extract the cryptographic libraries, sapgenpse and the ticket files into the directory that contains saprouter.exe using:
        # SAPCAR -xvf <cryptographic car file>
  • 4. CREATING THE KEY
    Next, go to www.service.sap.com/tcp and get the distinguished name. Then execute the following command, copying and pasting the distinguished name. The "CN" and "OU" values in the distinguished name will be different for different organizations.
        # ./sapgenpse get_pse -v -r certreq -p local.pse "CN=yourhostname, OU=123456, OU=SAProuter, O=SAP, C=DE"
        Got absolute PSE path "/usr/sap/C11/SYS/exe/run/local.pse".
        Please enter PIN:<press enter>
        Please reenter PIN:<press enter>
        Supplied distinguished name: "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
        Generating key (RSA, 1024-bits) ... succeeded.
        certificate creation... ok
        PSE update... ok
        PKRoot... ok
        Generating certificate request... ok.
    TRANSMITTING THE KEY
    This generates the certificate request in the file "certreq". The next step is to copy its contents to www.service.sap.com/tcp against your SAProuter registration. The BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines should also be copied.
        # cat certreq
        -----BEGIN CERTIFICATE REQUEST-----
        <- --------- LINES DELETED ----------------------------------- 
        -----END CERTIFICATE REQUEST-----
  • 5. Copy the above key and paste it into the page at www.service.sap.com/tcp. After copying, click the "Request Certificate" button. The next screen will display the certificate. Copy the generated certificate and paste it into a new file named 'srcert' in the same location as your saprouter.
    N.B. Do not forget to copy the BEGIN and END tags too.
  • 6. CREATING THE CERTIFICATE
    Windows users can use Notepad and UNIX users the vi editor: run vi srcert, paste the certificate, then save and quit with <ESC><SHIFT> : x
        # vi srcert
        -----BEGIN CERTIFICATE-----
        <- --------- LINES DELETED ----------------------------------- 
        -----END CERTIFICATE-----
        <ESC><SHIFT> : x
    IMPORTING CERTIFICATE
    The next step is to import this certificate using the command below.
        # ./sapgenpse import_own_cert -c srcert -p local.pse
        CA-Response successfully imported into PSE "/usr/sap/MPS/SYS/exe/run/local.pse"
  • 7. SETTING SECURED LOGIN TO SAPROUTER
    Now specify the user who is allowed secure login to the PSE. Use <sid>adm if you want to start saprouter with the SAP admin user. If you omit -O <user>, the credentials are created for the logged-in user account that runs the command below.
        # ./sapgenpse seclogin -p local.pse -O saprouterUser
        running seclogin with USER="saprouterUser"
        creating credentials for yourself (USER="saprouterUser")...
        Added SSO-credentials for PSE "/usr/sap/C11/SYS/exe/run/local.pse"
        "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
    N.B. Check that a file named cred_v2 has been created in the same directory.
    START SNC SAP ROUTER
    In Unix
    In UNIX, use the syntax below to start SAProuter using SNC:
        # nohup ./saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE" &
    In windows
    In Windows, use the syntax below:
        <Drive>:SNC-SaprouterDirectory saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
    N.B. The -K option tells saprouter to load the SNC cryptographic library too.
  • 8. SAPROUTTAB ENTRIES
    For an SNC SAProuter, the entries should not be the same as for a non-SNC SAProuter. ./saprouttab should contain at least the following entries:
        # inbound connections MUST use SNC
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
        # repeat this for the servers and port_numbers you will need to allow,
        # please make sure that all explicit ports are inserted in front of a
        # generic entry '*' for port_number
        # outbound connections to <sapservX> will use SNC
        KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
        # permission entries to check if connection is allowed at all
        P <IP address of a local host> <IP address of sapserv2>
        # all other connections will be denied
        D * * *
    Example:
    For an SNC-encrypted connection to the SAProuter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
        #
        # SNC-connection from and to SAP
        KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
        # SNC-connection from SAP to local R/3-System for Support
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
        # SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
        # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
        # Access from the local Network to SAPNet - R/3 Frontend (OSS)
        P <IP-address of a local PC> 194.39.131.34 3299
        # deny all other connections
        D * * *
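A lint check for the saprouttab rules described above (explicit ports before the generic '*' entry, SNC names on K-entries, deny-all as the last entry), added here as an example and not part of the original guide or of SAP's tooling. It assumes entries are evaluated top-down with the first match winning; the sample table, the 10.0.0.x addresses and the function names are constructed for illustration.

```python
import shlex

SNC_KINDS = {"KP", "KS", "KD", "KT"}
ALL_KINDS = SNC_KINDS | {"P", "S", "D"}

SAMPLE = '''\
# constructed sample table with three deliberate mistakes
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 3200
KP "CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 23
P 10.0.0.20 194.39.131.34 3299
'''

def parse_saprouttab(text):
    """Return (lineno, kind, who, host, service) for every route entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted SNC name as one field
        if fields[0] not in ALL_KINDS or len(fields) < 3:
            raise ValueError(f"line {lineno}: unrecognised entry: {line}")
        service = fields[3] if len(fields) > 3 else None
        entries.append((lineno, fields[0], fields[1], fields[2], service))
    return entries

def lint_saprouttab(text):
    """Return findings for the ordering and SNC rules of a saprouttab."""
    entries = parse_saprouttab(text)
    findings = []
    if not entries or entries[-1][1:] != ("D", "*", "*", "*"):
        findings.append("last entry is not the deny-all 'D * * *'")
    generic = {}  # (kind, who, host) -> line of the first '*' port entry
    for lineno, kind, who, host, service in entries:
        if kind in SNC_KINDS and not who.startswith("p:"):
            findings.append(f"line {lineno}: {kind} entry lacks a 'p:' SNC name")
        key = (kind, who, host)
        if service == "*":
            generic.setdefault(key, lineno)
        elif service is not None and key in generic:
            findings.append(f"line {lineno}: port {service} follows the "
                            f"generic '*' entry on line {generic[key]}")
    return findings

if __name__ == "__main__":
    for finding in lint_saprouttab(SAMPLE):
        print(finding)
```

An empty result means the table passed these three checks only; it does not validate hosts, passwords or SNC names against the partner's certificate.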
  • 9. DEBUGGING
    Check whether certificate is installed correctly
        # ./sapgenpse get_my_name -v -n issuer
        Opening PSE "/usr/sap/C11/SYS/exe/run/local.pse"...
        PSE open ok.
        ok.
        Retrieving my certificate... ok.
        Getting requested information... ok.
        SSO for USER "UserID"
        with PSE file "/usr/sap/C11/SYS/exe/run/local.pse"
        Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
    If any errors are found in the above, you can do all the steps once again. But make sure that cred_v2 and local.pse are deleted. If you want to create the key once again, delete the certreq file too before doing so.
    CHECK THE ENVIRONMENT VARIABLES
    Make sure the following entries are there in the .login (dot login) script of the SNC saprouter user. ONLY THE BOLD AREAS
    UNIX
        set path = ( /usr/bin /etc /usr/sbin /usr/ucb $HOME/bin /usr/bin/C11 /sbin /usr/SNC-saprouter/snc_library /usr/lib . )
        setenv MAIL "/var/spool/mail/$LOGNAME"
        setenv SECUDIR "/usr/SNC-saprouter"
        setenv SNC_LIB "/usr/SNC-Saprouter/snc_library/libsapcrypto.o"
        setenv LIBPATH "/usr/lib:/lib:/usr/sap/C11/SYS/exe/run:/oracle/C11/92_64/lib:/usr/SNC-saprouter/snc_library"
    WINDOWS
    For Windows, create PATH, SECUDIR, SNC_LIB and LIBPATH in the environment settings area.
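A preflight check for the variables and files this guide relies on (SECUDIR, SNC_LIB, local.pse, cred_v2), added here as an example and not taken from the guide. It assumes local.pse and cred_v2 sit in $SECUDIR on a UNIX host; the owner-only permission test is an added check, motivated by the PSE having been created with an empty PIN, and the function name is hypothetical.

```python
import os
import stat

def check_snc_environment(env):
    """Return a list of problems with the SNC SAProuter setup seen in `env`."""
    problems = []
    secudir = env.get("SECUDIR")
    snc_lib = env.get("SNC_LIB")
    if not secudir or not os.path.isdir(secudir):
        problems.append("SECUDIR is unset or not a directory")
        secudir = None
    if not snc_lib or not os.path.isfile(snc_lib):
        problems.append("SNC_LIB does not point to an existing library file")
    if secudir:
        for name in ("local.pse", "cred_v2"):
            path = os.path.join(secudir, name)
            try:
                mode = os.stat(path).st_mode
            except FileNotFoundError:
                problems.append(f"{name} is missing from SECUDIR")
                continue
            # With an empty PIN, file permissions are all that guards the key.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(f"{name} is accessible to group/other "
                                f"(mode {stat.S_IMODE(mode):o})")
    return problems

if __name__ == "__main__":
    # Run as the SAProuter user so the same environment is inspected.
    for problem in check_snc_environment(os.environ):
        print("WARN:", problem)
```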