SAPRouter – installation and configuration on Linux
Today in a few points I’ll try to show You how to install and configure saprouter on Linux system. In my case, Linux is a new host.
- Use the latest SAProuter version, which can be downloaded from the SAP Software Download Center.
On the Support Packages & Patches tab click:
A-Z Alphabetical List of Products > S > SAPROUTER > SAPROUTER (latest versions) > select OS from drop-down > select saprouter_XXX-XXXXXXXX.SAR > Download Basket button
- Download the latest SAP Cryptographic Library from the SAP Software Download Center.
On the Support Packages & Patches tab click:
A-Z Alphabetical List of Products > S > SAPCRYPTOLIB > COMMONCRYPTOLIB (latest version) > select OS from drop-down > select SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR > Download Basket button
- Download the SAPCAR executable, which is necessary to unpack SAR archives, from any Installation Kernel CD or from the SAP Software Download Center.
On the Support Packages & Patches tab click:
A-Z Alphabetical List of Products > S > SAPCAR > SAPCAR (latest version) > your prefered OS version > SAPCAR_xxx-xxxxxxxx.EXE
4. Logon on Linux as a root
- Create directory: /usr/sap/saprouter
- Create group sapsys, e.g. groupadd -g 1000 sapsys
- Add new user, e.g. saprouter -> useradd -u 15000 -g 1000 -c “SAPRouter Admin” -s /bin/bash -m -d /home/saprouter saprouter
- Copy all *.SAR files to /usr/sap/saprouter directory and next unpack all using commad: SAPCAR -xvf saprouter_XXX-XXXXXXXX.SAR and next SAPCAR -xvf SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR.
- Set the environment variables SNC_LIB and SECUDIR for saprouter user.
export SECUDIR=/usr/sap/saprouter
export SNC_LIB=/usr/sap/saprouter/libsapcrypto.so
export PATH=$PATH:/usr/sap/saprouter
5. Go to the SAProuter application and from the list of SAProuters registered to Your installation. To register a new SAPRouter You have to contact Your system administrator OR contact SAP Support (XX-SER-NET).
6. If You see Your new saprouter on the list under URL from point 5 You can continue. Now Generate the certificate request with the following command:
sapgenpse gen_pse -v -r certreq -p local.pse "CN=YourHostname, OU=000XXXXXXX, OU=SAProuter, O=SAP, C=DE"
7. Display the output file “certreq” and with copy & paste (including the BEGIN and END statement) insert the certificate request into the text area of the SAProuter application from which you copied the Distinguished Name.
8. In response You will receive the certificate signed by the CA in a new text area in the SAProuter application. Copy & paste the text to a new local file named “srcert”, which must be created in the same directory as the sapgenpse executable.
9. Install the certificate in Your SAProuter using command:
sapgenpse import_own_cert -c srcert -p local.pse -x <pse password>
10. Create the credentials for the SAProuter using commad:
sapgenpse seclogin -p local.pse -x <pse password> -O <user_for _SAProuter>
11. Check if the certificate has been imported successfully with the following command:
sapgenpse get_my_name -v
In the next week, we’ll be continuing. You will be able to see how to create the rules in to saproutertab file. I also show You how to create saprouter systemd daemon.