Install SAProuter+开线测试

Download SAProuter

1. Login to the SAP Support Portal with the S-User ID which is assigned to your installation.
2. Use the latest SAProuter version, which can be downloaded from the SAP Software Download Center.            On the Support Packages & Patches tab click:                                                                                A-Z Alphabetical List of Products > S > SAPROUTER > SAPROUTER                                         (latest versions) > select OS from drop-down >                                                                                     select saprouter_XXX-XXXXXXXX.sar > Download Basket button

3. Download the latest SAP Cryptographic Library from the SAP Software Download Center.
   On the Support Packages & Patches tab click:

   A-Z Alphabetical List of Products > S > SAPCRYPTOLIB > COMMONCRYPTOLIB (latest version) > select OS from
   drop-down > select SA PCRYPTOLIBP_xxxx-xxxxxxxx.SAR > Download Basket button

4. Download the SAPCAR executable, which is necessary to unpack SAR archives, from any Installation Kernel CD or
   from the SAP Software Download Center.
   On the Support Packages & Patches tab click:

   A-Z Alphabetical List of Products > S > SAPCAR > SAPCAR (latest version)
   >your preferred O.S. version > SAPCAR_xxx-xxxxxxxx.EXE

5. Execute the command SA PCAR_XXX-XXXXXXXX.EXE -xvf saprouter_XXX-XXXXXXXX.sar which will unpack the
   following files:

   / saprouterf.exe]
   niping[.exe}]

6. Execute the command SAPCAR_XXX-XXXXXXXX.EXE -xvf SAPCRYPTOLIBP_XXXX-XXXXXXXX.SAR which will
   unpack the following files:
   [lib]sapcrypto.[dll|so|sl]
   sapgenpsef.exe]                                                                                                                                                       Create the Credentials

7. . Logged on as an administrator, set the environment variables SNC LIB and SECUDIR:Windows NT. 2000. XP or higher                                                                                           SECUDIR = <directory of SAProuter>                                                                                            SNC LIB = <drive>: <path to libsecude>\sapcrypto.dll

8.  Go to the SAProuter application and from the list of SAProuters registered to your installation, choose the relevant SAProuter. 

9. You then have two options
   9.1. Generate a PSE (preferred option)
   a) You must provide a password, which will be used to create your SAProuter PSE
   b) Download the generated pse and save it as "local.pse" in the same directory as the sapgenpse executable.
   c) Skip the next step 3.2, and continue with step 4.
   9.2. Submit a CSR (to be used if 3.1 fails)
   a) Generate the certificate request with the following command
   sapgenpse get _pse -v -a sha256WithRsaEncryption -s 4096 - certreg -p local,pse -x <pse password> "<Distinguished Name>'                                                                                     Example:
   sapgenpse get_pse -v -a sha256WithRsaEncryption -s 4096 -r certreg -p local.pse -x examplePassword "CN=example.
   OU=0000123456.OU=SAProuter.O=SAP.C=DE"
   Alternatively use either of these two commands
   sapgenpse get pse -y -a sha256WithRsaEncryption -s 409 -noreg -p local,pse -x <pse password> "<Distinguished Name>'
   sapgenpse get_pse -v -onlyreq -r certreq -p local.pse -x <pse password>                           b) Display the output file "certreq" and with copy & paste (including the BECN and END statement) insert the certificate request into the text
   area of the SAProuter application from which you copied the Distinguished Name.
   c) in response vou wil receive the certifcate signed by the CA in a new text area in the SAProuter application. Copy & paste the text to a new
   local file named "srcert", which must be created in the same directory as the sapgenpse executable.
   d) With this in turn you can install the certificate in your SAProuter by calling
   sapgenpse import own cert -c srcert -p localpse -X <pse password>

10. Now you will have to create the credentials for the SAProuter with the same program (if you omit -0 <user for SAProuter>, the
    credentials are created for the logged in user account).
    sapgenpse seclogin -p local.pse -x <pse password> -0 <user for SAProuter>
    Note: f you chose to generate a new PSE previously and you are replacing an old PSE fle, then make sure to delete the old credential first.
    sapgenpse seclogin d <number of the old credential>       

11. This will create a file called "cred v2" in the same directory as "local.pse'                                     Notes:
    The account of the service user should always be entered in full <domainname> <username>
    For increased security, check that the file can only be accessed by the user running SAProuter
    On UNIx. do not allow any other access not even from the same group) as this will mean permissions being set to 600 or even 400
    On Windows check that the permissions are granted only to the user the service is running as.

12.    Check if the certificate has been imported successfully with the following command:
    sapgenpse get my name -y -n lssuer
    The name of the issuer should be
    CN=SAProuter CA.OU=SAProuter. O=SAP Trust Community Il. C=DE

13.  lf this is not the case. delete the files "cred v2" "localpse", "srcert" and "certreq" and start over at item 2. f the output still does not
    match. create a case using component XX-SER-NET stating the actions you have taken so far and the output of the sapgenpse commands
    executed.                                                                                                                                                                                       其他备注：     

14. 涉及的网站链接:
    https://support.sap.com/en/tools/connectivity-tools/saprouter/install-saprouter.html
    https://me.sap.com/softwarecenter
    https://me.sap.com/app/saproutercertificate

15. 第7步环境变量设置
    重复第10步，换电脑和加用户
    sapgenpse seclogin -p local.pse -x <pse password> -O <user_for _SAProuter>

16. 测试是否正常：
    sapgenpse get_my_name -n all
    其他可选测试命令：
    sapgenpse seclogin -p local.pse -x <pse password>
    sapgenpse seclogin -p local.pse -x   **** 

17. 开启router命令：
    saprouter -r -K "p:CN=ri***01, OU=00013608*4, OU=SAProuter, O=SAP, C=DE"

18. saprouttab加IP和端口
    远程链接服务器的地址--配置KP项：
    # SNC connection to and from SAP
    KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 * 
    # SNC connection to local system for R/3-Support
    # R/3 Server: 192.168.1.1 
    # R/3 Instance: 00
    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.1 3200
    # SNC connection to local WINDOWS system for WTS, if applicable
    # Windows server: 192.168.1.2
    # Default WTS port: 3389
    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.2 3389
    # SNC connection to local UNIX system for SAPtelnet, if applicable
    # UNIX server: 192.168.1.3
    # Default Telnet port: 23
    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 192.168.1.3 23
    # SNC connection to local Portal system for URL access, if applicable
    # Portal server: myserver.mydomain
    # Port number: 50003
    KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" myserver.mydomain 50003
    # Access from local network to SAP
    P * 169.145.197.110 3299
    # deny all other connections
    D * * *

19. SAP网站加服务器

    https://me.sap.com/remoteconnectivity/000000000850242431

20. 反向链接sap服务器网络层面测试：
    niping.exe -c -H /H/*.*.203.159/H/169.145.197.110/H/localhost