SAP router installation
SAP支持提供:
You can test the connection with the following parameter:
Destination IP address at SAP side: 169.145.197.110
Hostname of this machine : sapserv9
Customer data
Hostname SAProuter : hostname
IP address SAProuter : xxx.xxx.xxx.xxx
Your Distinguished Name:
"CN=hostname, OU=0000xxxxxxxx, OU=SAProuter, O=SAP, C=DE"
1、下载saprouter和sapcrypto
创建saprouter目录
mkdir /usr/sap/saprouter
并将下载的软件包解压到此目录
2、环境变量设置
SAP 推荐使用CSH,CSH下面设置环境变量的命令:
>setenv SECUDIR /usr/sap/saprouter/
>setenv SNC_LIB /usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so
3、生成证书
>./sapgenpse get_pse -v -r certreq -p local.pse "CN=sapslm, OU=0000870197, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/saprouter/local.pse".
Please enter PIN: ********
Please reenter PIN: ********
Supplied distinguished name: "CN=sapslm, OU=0000870197, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
Generating key (RSA, 1024-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
4、生成srcert密钥
复制certreq文本内容 https://websmp207.sap-ag.de/saprouter-sncadd 生成
(注意:certreq 、srcert两个文件都没有后缀)
5、证书导入
> ./sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN: ********
CA-Response successfully imported into PSE "/usr/sap/saprouter/local.pse"
6、SAProuter证书和系统账号关联
>./sapgenpse seclogin -p local.pse
running seclogin with USER="slmadm"
Please enter PIN: ********
Added SSO-credentials for PSE "/usr/sap/saprouter/local.pse"
"CN=hostname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"
这里会生成cred_v2文件,将在下一步检查证书时使用
7、检查证书
>./sapgenpse get_my_name -v -n Issuer
Opening PSE "/usr/sap/saprouter/local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "slmadm"
with PSE file "/usr/sap/saprouter/local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
至此,SAProuter与sapcrypto安装成功
8、启动SAProuter之前的其他准备工作
在saprouter目录下,创建saprouttab文件(SAP会提供最初的内容信息).
检查services文件相对应的3299端口。
检查环境变量是否正确。
启动saprouter
> ./saprouter -r -K "p:CN=hostname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"
SAP 配置
1、OSS1
T_code:OSS1
Parameter -->Technical setting 配置如下信息后,保存。
2、OSS连接配置
T_code:SM59
ABAP Connections -- > SAPOSS
Technical Settings
Target System:OSS
Msg.server:/H/LAN IP/S/sapdp99/H/server9 IP/S/sapdp99/H/oss001
Group:EWA
IP Address:/H/LAN IP/S/sapdp99/H/server9 IP/S/sapdp99/H/oss001
Logon & security
Language:EN
Client:001
User :OSS_RFC
Password:CPIC
完成后,点击Connection Test.
Had refer : https://websmp202.sap-ag.de/saprouter-sncdoc.
SAP支持提供:
You can test the connection with the following parameter:
Destination IP address at SAP side: 169.145.197.110
Hostname of this machine : sapserv9
Customer data
Hostname SAProuter : hostname
IP address SAProuter : xxx.xxx.xxx.xxx
Your Distinguished Name:
"CN=hostname, OU=0000xxxxxxxx, OU=SAProuter, O=SAP, C=DE"
1、下载saprouter和sapcrypto
创建saprouter目录
mkdir /usr/sap/saprouter
并将下载的软件包解压到此目录
2、环境变量设置
SAP 推荐使用CSH,CSH下面设置环境变量的命令:
>setenv SECUDIR /usr/sap/saprouter/
>setenv SNC_LIB /usr/sap/saprouter/linux-x86_64-glibc2.3/libsapcrypto.so
3、生成证书
>./sapgenpse get_pse -v -r certreq -p local.pse "CN=sapslm, OU=0000870197, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/saprouter/local.pse".
Please enter PIN: ********
Please reenter PIN: ********
Supplied distinguished name: "CN=sapslm, OU=0000870197, OU=SAProuter, O=SAP, C=DE"
Creating PSE with format v2 (default)
Generating key (RSA, 1024-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
4、生成srcert密钥
复制certreq文本内容 https://websmp207.sap-ag.de/saprouter-sncadd 生成
(注意:certreq 、srcert两个文件都没有后缀)
5、证书导入
> ./sapgenpse import_own_cert -c srcert -p local.pse
Please enter PIN: ********
CA-Response successfully imported into PSE "/usr/sap/saprouter/local.pse"
6、SAProuter证书和系统账号关联
>./sapgenpse seclogin -p local.pse
running seclogin with USER="slmadm"
Please enter PIN: ********
Added SSO-credentials for PSE "/usr/sap/saprouter/local.pse"
"CN=hostname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"
这里会生成cred_v2文件,将在下一步检查证书时使用
7、检查证书
>./sapgenpse get_my_name -v -n Issuer
Opening PSE "/usr/sap/saprouter/local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "slmadm"
with PSE file "/usr/sap/saprouter/local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
至此,SAProuter与sapcrypto安装成功
8、启动SAProuter之前的其他准备工作
在saprouter目录下,创建saprouttab文件(SAP会提供最初的内容信息).
检查services文件相对应的3299端口。
检查环境变量是否正确。
启动saprouter
> ./saprouter -r -K "p:CN=hostname, OU=0000xxxxxx, OU=SAProuter, O=SAP, C=DE"
SAP 配置
1、OSS1
T_code:OSS1
Parameter -->Technical setting 配置如下信息后,保存。
2、OSS连接配置
T_code:SM59
ABAP Connections -- > SAPOSS
Technical Settings
Target System:OSS
Msg.server:/H/LAN IP/S/sapdp99/H/server9 IP/S/sapdp99/H/oss001
Group:EWA
IP Address:/H/LAN IP/S/sapdp99/H/server9 IP/S/sapdp99/H/oss001
Logon & security
Language:EN
Client:001
User :OSS_RFC
Password:CPIC
完成后,点击Connection Test.
Had refer : https://websmp202.sap-ag.de/saprouter-sncdoc.