AN ONE STOP GUIDE TO
CONFIGURE SNC SAPROUTER
Joy V.Ramachandran
Consultant SAP BASIS
IVL India Pvt Ltd
Technopark , Trivandrum
Kerala India
joy.rama@sapgenie.com ; joy_rama@msn.com
Contents
SAP SNC CONFIGURATION
DOWNLOADING CRYPTOGRAPHIC SOFTWARE
CREATING THE KEY
TRANSMITTING THE KEY
CREATING THE CERTIFICATE
IMPORTING CERTIFICATE
START SNC SAP ROUTER
  In Unix
  In windows
SAPROUTTAB ENTRIES
  Example:
DEBUGGING
  Check whether certificate is installed correctly
  CHECK THE ENVIRONMENT VARIABLES
    UNIX
    WINDOWS
SAP SNC CONFIGURATION
DOWNLOADING CRYPTOGRAPHIC SOFTWARE
Download the cryptographic software from the SAP Service Marketplace at
www.service.sap.com/tcs.
Extract the cryptographic libraries, sapgenpse and the ticket files into the directory
that contains saprouter.exe, using
# SAPCAR -xvf <cryptographic car file>
CREATING THE KEY
Next, go to www.service.sap.com/tcp and get the distinguished name. Then execute the following
command, copying and pasting the distinguished name.
/* "CN" and "OU" in the distinguished name will be different for different organizations */
# ./sapgenpse get_pse -v -r certreq -p local.pse "CN=yourhostname, OU=123456, OU=SAProuter, O=SAP, C=DE"
Got absolute PSE path "/usr/sap/C11/SYS/exe/run/local.pse".
Please enter PIN:<press enter>
Please reenter PIN:<press enter>
Supplied distinguished name: "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE "
Generating key (RSA, 1024-bits) ... succeeded.
certificate creation... ok
PSE update... ok
PKRoot... ok
Generating certificate request... ok.
TRANSMITTING THE KEY
The previous command writes the key (a certificate request) to the file "certreq". The next
step is to copy this key to www.service.sap.com/tcp against your SAProuter registration.
The -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines
should also be copied.
# cat certreq
-----BEGIN CERTIFICATE REQUEST-----
[request body omitted]
-----END CERTIFICATE REQUEST-----
Copy the above key and paste it into the form on www.service.sap.com/tcp.
After copying, click the "Request Certificate" button.
The next screen displays the certificate. Copy and paste the generated certificate into a new
file named 'srcert' in the same location as your saprouter.
N.B. Do not forget to copy the BEGIN and END tags too.
CREATING THE CERTIFICATE
Windows users can use Notepad; UNIX users can use the vi editor.
vi srcert <paste> <ESC><SHIFT> : x
# vi srcert
-----BEGIN CERTIFICATE-----
<- --------- LINES DELETED -----------------------------------
-----END CERTIFICATE-----
<ESC><SHIFT> : x
IMPORTING CERTIFICATE
The next step is to import this certificate using the command below.
# ./sapgenpse import_own_cert -c srcert -p local.pse
CA-Response successfully imported into PSE "/usr/sap/MPS/SYS/exe/run/local.pse"
SETTING SECURED LOGIN TO SAPROUTER
Now specify the user who is allowed secure login to the PSE.
(Use <sid>adm if you want to start saprouter with the SAP admin user. If you omit -O
<user>, the credentials are created for the logged-in user account that runs the
command below.)
# ./sapgenpse seclogin -p local.pse -O saprouterUser
running seclogin with USER="saprouterUser"
creating credentials for yourself (USER="saprouterUser")...
Added SSO-credentials for PSE "/usr/sap/C11/SYS/exe/run/local.pse"
"CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
N.B. Check that a file named cred_v2 has been created in the same directory.
START SNC SAP ROUTER
In Unix
In UNIX, use the syntax below to start saprouter with SNC:
# nohup ./saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE" &
In windows
In Windows, use the syntax below:
<Drive>:SNC-SaprouterDirectory saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
N.B. The -K option tells saprouter to load the SNC cryptographic library too.
SAPROUTTAB ENTRIES
For an SNC SAProuter, the entries should not be the same as for a non-SNC SAProuter.
./saprouttab should contain at least the following entries:
# inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
# repeat this for the servers and port_numbers you will need to allow,
# please make sure that all explicit ports are inserted in front of a
# generic entry '*' for port_number
# outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
# permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
# all other connections will be denied
D * * *
Example:
For an SNC-encrypted connection to the SAProuter on sapserv2 (194.39.131.34),
the saprouttab should contain the following entries:
# SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
# SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
# SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
# Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-address of a local PC> 194.39.131.34 3299
# deny all other connections
D * * *
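The rules stated in the saprouttab comments above (SNC names on K entries, explicit ports in front of a generic '*', a closing D * * *) can be checked mechanically before the router is started. The following is an added example, not part of the original guide and not an SAP tool; the function names, finding codes and both sample tables (including the 10.0.0.x addresses) are constructed for illustration, and it checks only the rules written in this guide.

```python
import re

# One token is a quoted SNC name, a <template placeholder>, or a bare word.
TOKEN = re.compile(r'"[^"]*"|<[^>]*>|\S+')
DN_PART = re.compile(r"^[A-Za-z]+=[^=]+$")
SNC_KINDS = {"KP", "KS", "KD", "KT"}   # first field is an SNC name
HOST_KINDS = {"P", "S", "D"}           # first field is a source host


def parse(text):
    """Return (lineno, kind, source, host, port) for every non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = [t.strip('"') for t in TOKEN.findall(line)]
        tok = (tok + [None] * 3)[:4]   # missing fields become None
        entries.append((lineno, tok[0].upper(), tok[1], tok[2], tok[3]))
    return entries


def valid_snc_name(name):
    """Accept the form used in this guide: p:KEY=value, KEY=value, ..."""
    if not name.startswith("p:"):
        return False
    return all(DN_PART.match(part.strip()) for part in name[2:].split(","))


def audit(text):
    """Return a list of (lineno, code, message) findings for a saprouttab."""
    findings = []
    entries = parse(text)
    wildcard_seen = {}   # (kind, source, host) -> line of the '*' port entry
    for lineno, kind, src, host, port in entries:
        if kind not in SNC_KINDS | HOST_KINDS:
            findings.append((lineno, "unknown-type", f"unknown entry type {kind!r}"))
            continue
        if src is None or host is None:
            findings.append((lineno, "incomplete", "source or target host missing"))
            continue
        if any(f and f.startswith("<") and f.endswith(">") for f in (src, host, port)):
            findings.append((lineno, "placeholder", "template placeholder not replaced"))
        if kind in SNC_KINDS and not valid_snc_name(src):
            findings.append((lineno, "bad-snc-name", f"malformed SNC name {src!r}"))
        if kind in ("P", "S") and src == "*":
            findings.append((lineno, "non-snc-any-source",
                             "any host is permitted without SNC"))
        key = (kind, src, host)
        if port == "*":
            wildcard_seen.setdefault(key, lineno)
        elif port is not None and key in wildcard_seen:
            findings.append((lineno, "shadowed-port",
                             f"explicit port {port} follows '*' on line {wildcard_seen[key]}"))
    if not entries or entries[-1][1:] != ("D", "*", "*", "*"):
        last = entries[-1][0] if entries else 0
        findings.append((last, "no-final-deny", "table does not end with D * * *"))
    return findings


SNC = '"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"'

# Constructed table with one instance of each problem.
SAMPLE_BAD = "\n".join([
    "# constructed sample, modelled on the template above",
    'KT "p:CN=sapserv2 OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *',
    f"KP {SNC} 10.0.0.5 *",
    f"KP {SNC} 10.0.0.5 3200",
    f"KP {SNC} <R/3-Server> 23",
    "P * 194.39.131.34 3299",
])

# Constructed table that follows every rule in the guide.
SAMPLE_GOOD = "\n".join([
    f"KT {SNC} 194.39.131.34 *",
    f"KP {SNC} 10.0.0.5 3200",
    f"KP {SNC} 10.0.0.5 23",
    "P 10.0.0.20 194.39.131.34 3299",
    "D * * *",
])

if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_BAD):
        print(f"line {lineno}: {code}: {message}")
```

To audit a real table, pass the file contents to audit(), for example audit(open("saprouttab").read()).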
DEBUGGING
Check whether certificate is installed correctly
# ./sapgenpse get_my_name -v -n issuer
Opening PSE "/usr/sap/C11/SYS/exe/run/local.pse"...
PSE open ok.
ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "UserID"
with PSE file "/usr/sap/C11/SYS/exe/run/local.pse"
Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
If any errors are found in the above, you can do all the steps once again. But make sure that
cred_v2 and local.pse are deleted first. If you want to create the key once again, delete the
certreq file too before doing so.
CHECK THE ENVIRONMENT VARIABLES
Make sure the following entries are present in the .login (dot login) script of the SNC
saprouter user. ONLY THE BOLD AREAS
UNIX
set path = ( /usr/bin /etc /usr/sbin /usr/ucb $HOME/bin /usr/bin/C11 /sbin /usr/SNC-saprouter/snc_library /usr/lib . )
setenv MAIL "/var/spool/mail/$LOGNAME"
setenv SECUDIR "/usr/SNC-saprouter"
setenv SNC_LIB "/usr/SNC-Saprouter/snc_library/libsapcrypto.o"
setenv LIBPATH "/usr/lib:/lib:/usr/sap/C11/SYS/exe/run:/oracle/C11/92_64/lib:/usr/SNC-saprouter/snc_library"
WINDOWS
For Windows, create PATH, SECUDIR, SNC_LIB and LIBPATH in the environment
settings area.

Mais conteúdo relacionado

Mais procurados

Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...IT Tech
 
Using SQL to process hierarchies
Using SQL to process hierarchiesUsing SQL to process hierarchies
Using SQL to process hierarchiesConnor McDonald
 
NSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsNSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsMichael Medin
 
New text document (2)
New text document (2)New text document (2)
New text document (2)Furqaan Aan
 
Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode  Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode Saroj Sahu
 
Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!shira koper
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalMaytal Levi
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13Vanda KANY
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7VCP Muthukrishna
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7VCP Muthukrishna
 
Hp Linux
Hp LinuxHp Linux
Hp Linuxtelab
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuVCP Muthukrishna
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Capital onehadoopclass
Capital onehadoopclassCapital onehadoopclass
Capital onehadoopclassDoug Chang
 

Mais procurados (20)

Ipsec
IpsecIpsec
Ipsec
 
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
 
Using SQL to process hierarchies
Using SQL to process hierarchiesUsing SQL to process hierarchies
Using SQL to process hierarchies
 
NSClient Workshop: 04 Protocols
NSClient Workshop: 04 ProtocolsNSClient Workshop: 04 Protocols
NSClient Workshop: 04 Protocols
 
New text document (2)
New text document (2)New text document (2)
New text document (2)
 
Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode  Deleting a vserver in Netapp cluster mode
Deleting a vserver in Netapp cluster mode
 
Crack.ba
Crack.baCrack.ba
Crack.ba
 
Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!Simple Misconfiguration Equals Network Vulnerability!
Simple Misconfiguration Equals Network Vulnerability!
 
Algosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices finalAlgosec how to avoid business outages from misconfigured devices final
Algosec how to avoid business outages from misconfigured devices final
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7
 
Hp Linux
Hp LinuxHp Linux
Hp Linux
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with Raccoon
 
Gns3moi
Gns3moiGns3moi
Gns3moi
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on Ubuntu
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentation
 
Capital onehadoopclass
Capital onehadoopclassCapital onehadoopclass
Capital onehadoopclass
 

Semelhante a Sap snc configuration

How to install squid proxy on server or how to install squid proxy on centos o
How to install squid proxy on server  or how to install squid proxy on centos oHow to install squid proxy on server  or how to install squid proxy on centos o
How to install squid proxy on server or how to install squid proxy on centos oProxiesforrent
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stackEric Ahn
 
Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016StackIQ
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Most important "trick" of performance instrumentation
Most important "trick" of performance instrumentationMost important "trick" of performance instrumentation
Most important "trick" of performance instrumentationCary Millsap
 
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoPostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoMark Wong
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7VCP Muthukrishna
 
Ascs virtual
Ascs virtualAscs virtual
Ascs virtualwistwiser
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixDiana Tkachenko
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedBrendan Gregg
 
計算機性能の限界点とその考え方
計算機性能の限界点とその考え方計算機性能の限界点とその考え方
計算機性能の限界点とその考え方Naoto MATSUMOTO
 
Wait Events 10g
Wait Events 10gWait Events 10g
Wait Events 10gsagai
 
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackIQ
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasPostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasJim Mlodgenski
 

Semelhante a Sap snc configuration (20)

Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
 
How to install squid proxy on server or how to install squid proxy on centos o
How to install squid proxy on server  or how to install squid proxy on centos oHow to install squid proxy on server  or how to install squid proxy on centos o
How to install squid proxy on server or how to install squid proxy on centos o
 
Operation outbreak
Operation outbreakOperation outbreak
Operation outbreak
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
 
Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016Salesforce at Stacki Atlanta Meetup February 2016
Salesforce at Stacki Atlanta Meetup February 2016
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 
Most important "trick" of performance instrumentation
Most important "trick" of performance instrumentationMost important "trick" of performance instrumentation
Most important "trick" of performance instrumentation
 
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 HowtoPostgreSQL Portland Performance Practice Project - Database Test 2 Howto
PostgreSQL Portland Performance Practice Project - Database Test 2 Howto
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7
 
Ascs virtual
Ascs virtualAscs virtual
Ascs virtual
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
Performance Wins with BPF: Getting Started
Performance Wins with BPF: Getting StartedPerformance Wins with BPF: Getting Started
Performance Wins with BPF: Getting Started
 
計算機性能の限界点とその考え方
計算機性能の限界点とその考え方計算機性能の限界点とその考え方
計算機性能の限界点とその考え方
 
Wait Events 10g
Wait Events 10gWait Events 10g
Wait Events 10g
 
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
 
Stacki - The1600+ Server Journey
Stacki - The1600+ Server JourneyStacki - The1600+ Server Journey
Stacki - The1600+ Server Journey
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and GotchasPostgreSQL Procedural Languages: Tips, Tricks and Gotchas
PostgreSQL Procedural Languages: Tips, Tricks and Gotchas
 

Último

Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 

Último (20)

Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 

Sap snc configuration

  • 1. AN ONE STOP GUIDE TO CONFIGURE SNC SAPROUTER Joy V.Ramachandran Consultant SAP BASIS IVL India Pvt Ltd Technopark , Trivandrum Kerala India joy.rama@sapgenie.com ; joy_rama@msn.com
  • 2. Contents SAP SNC CONFIGURATION........................................................................................ 3 DOWNLOADING CRYPTOGRAPHIC SOFTWARE............................................ 3 CREATING THE KEY.................................................................................................... 4 TRANSMITTING THE KEY.......................................................................................... 4 CREATING THE CERTIFICATE................................................................................. 6 IMPORTING CERTIFICATE........................................................................................ 6 START SNC SAP ROUTER ........................................................................................... 7 In Unix............................................................................................................................ 7 In windows..................................................................................................................... 7 SAPROUTTAB ENTRIES............................................................................................... 8 Example: ......................................................................................................................... 8 DEBUGGING.................................................................................................................... 9 Check whether certificate is installed correctly.............................................................. 9 CHECK THE ENVIRONMENT VARIABLES ........................................................ 9 UNIX........................................................................................................................... 9 WINDOWS................................................................................................................. 9
  • 3. SAP SNC CONFIGURATION
    DOWNLOADING CRYPTOGRAPHIC SOFTWARE
    Download the cryptographic software from the service marketplace, www.service.sap.com/tcs, as shown below.
    Extract the cryptographic libraries, sapgenpse and the ticket files into the saprouter.exe location using:
        # SAPCAR -xvf <cryptographic car file>
  • 4. CREATING THE KEY
    Next, go to www.service.sap.com/tcp and get the distinguished name. Then execute the following command, copying and pasting the distinguished name.
    Note: "CN" and "OU" in the distinguished name will be different for different organizations.
        # ./sapgenpse get_pse -v -r certreq -p local.pse "CN=yourhostname , OU=123456, OU=SAProuter, O=SAP, C=DE "
        Got absolute PSE path "/usr/sap/C11/SYS/exe/run/local.pse".
        Please enter PIN:<press enter>
        Please reenter PIN:<press enter>
        Supplied distinguished name: "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE "
        Generating key (RSA, 1024-bits) ... succeeded.
        certificate creation... ok
        PSE update... ok
        PKRoot... ok
        Generating certificate request... ok.
    TRANSMITTING THE KEY
    The command generates a key in "certreq". The next step is to copy this key to www.service.sap.com/tcp against your SAProuter registration. The -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines should also be copied.
        # cat certreq
        -----BEGIN CERTIFICATE REQUEST-----
        ...
        -----END CERTIFICATE REQUEST-----
  • 5. Copy the above key and paste it as shown below.
    After copying, click on the "Request Certificate" button. The next screen will display the certificate.
    Copy and paste the generated certificate into a new file named 'srcert' in the same location as your saprouter.
    N.B. Do not forget to copy the BEGIN and END tags too.
  • 6. CREATING THE CERTIFICATE
    Windows users can use Notepad and UNIX users the vi editor: vi srcert, <paste>, <ESC><SHIFT> : x
        # vi srcert
        -----BEGIN CERTIFICATE-----
        <- --------- LINES DELETED -----------------------------------
        -----END CERTIFICATE-----
        <ESC><SHIFT> : x
    IMPORTING CERTIFICATE
    The next step is to import this certificate using the command syntax below.
        # ./sapgenpse import_own_cert -c srcert -p local.pse
        CA-Response successfully imported into PSE "/usr/sap/MPS/SYS/exe/run/local.pse"
  • 7. SETTING SECURED LOGIN TO SAPROUTER
    Now specify the user who is allowed secure login to the PSE. Use <sid>adm if you want to start saprouter with the SAP admin user. (If you omit -O <user>, the credentials are created for the logged-in user account that is running the command below.)
        # ./sapgenpse seclogin -p local.pse -O saprouterUser
        running seclogin with USER="saprouterUser"
        creating credentials for yourself (USER="saprouterUser ")...
        Added SSO-credentials for PSE "/usr/sap/C11/SYS/exe/run/local.pse"
        "CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
    N.B. Check that a file named cred_v2 is created in the same directory.
    START SNC SAP ROUTER
    In Unix
    In UNIX use the syntax below to start saprouter using SNC:
        # nohup ./saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE" &
    In windows
    In Windows use the syntax below:
        <Drive>:\SNC-SaprouterDirectory\saprouter -r -G routerlog -S 3299 -K "p:CN=YourHostName, OU=12345, OU=SAProuter, O=SAP, C=DE"
    N.B. The -K option tells saprouter to load the SNC cryptographic library too.
  • 8. SAPROUTTAB ENTRIES
    For an SNC saprouter, the entries should not be the same as for a non-SNC saprouter. ./saprouttab should contain at least the following entries:
        # inbound connections MUST use SNC
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
        # repeat this for the servers and port_numbers you will need to allow,
        # please make sure that all explicit ports are inserted in front of a
        # generic entry '*' for port_number
        # outbound connections to <sapservX> will use SNC
        KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
        # permission entries to check if connection is allowed at all
        P <IP address of a local host> <IP address of sapserv2>
        # all other connections will be denied
        D * * *
    Example:
    For an SNC-encrypted connection to the SAProuter on sapserv2 (194.39.131.34), the saprouttab should contain the following entries:
        #
        # SNC-connection from and to SAP
        KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
        # SNC-connection from SAP to local R/3-System for Support
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
        # SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
        # SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
        KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
        # Access from the local Network to SAPNet - R/3 Frontend (OSS)
        P <IP-address of a local PC> 194.39.131.34 3299
        # deny all other connections
        D * * *
  • 9. DEBUGGING
    Check whether certificate is installed correctly
        # ./sapgenpse get_my_name -v -n issuer
        Opening PSE "/usr/sap/C11/SYS/exe/run/local.pse"...
        PSE open ok.
        ok.
        Retrieving my certificate... ok.
        Getting requested information... ok.
        SSO for USER "UserID"
        with PSE file "/usr/sap/C11/SYS/exe/run/local.pse"
        Issuer : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
    If any errors are found in the above, you can do all the steps once again, but make sure that cred_v2 and local.pse are deleted first. If you want to create the key once again, delete the certreq file too before doing so.
    CHECK THE ENVIRONMENT VARIABLES
    Make sure the following entries are present in the .login (dot login) script of the SNC saprouter user. Only the bold areas.
    UNIX
        set path = ( /usr/bin /etc /usr/sbin /usr/ucb $HOME/bin /usr/bin/C11 /sbin /usr/SNC-saprouter/snc_library /usr/lib . )
        setenv MAIL "/var/spool/mail/$LOGNAME"
        setenv SECUDIR "/usr/SNC-saprouter"
        setenv SNC_LIB "/usr/SNC-Saprouter/snc_library/libsapcrypto.o"
        setenv LIBPATH "/usr/lib:/lib:/usr/sap/C11/SYS/exe/run:/oracle/C11/92_64/lib:/usr/SNC-saprouter/snc_library"
    WINDOWS
    For Windows, create PATH, SECUDIR, SNC_LIB and LIBPATH in the environment settings area.
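The saprouttab rules from the SAPROUTTAB ENTRIES slide (SNC names carry the "p:" prefix, explicit ports come before the generic '*' entry, the table ends with D * * *) can be checked mechanically before the router is started. The following is an added example, not part of the original guide or of any SAP tool; the function names, the sample table and its hosts are constructed, and the check for a P entry with a '*' source is an assumption derived from the guide's "inbound connections MUST use SNC" comment.

```python
import shlex

# Constructed sample table (hosts and ports are made up for this example).
SAMPLE = """\
# SNC routes
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 3200
KP "CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 23
P * 194.39.131.34 3299
"""

def parse_saprouttab(text):
    """Yield (line_no, fields); fields is None when a quote is unbalanced."""
    for no, line in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(line, comments=True)  # quoted SNC name stays one field
        except ValueError:
            fields = None
        if fields is None or fields:
            yield no, fields

def audit_saprouttab(text):
    """Return [(line_no, message)]; line 0 means the table as a whole."""
    findings, wildcard_at, last = [], {}, None
    for no, f in parse_saprouttab(text):
        if f is None:
            findings.append((no, "unbalanced quote"))
            continue
        last, kind = f, f[0].upper()
        if kind in ("KP", "KT"):
            if len(f) < 4:
                findings.append((no, f"{kind} needs SNC name, host and port"))
                continue
            if not f[1].startswith("p:"):
                findings.append((no, f"{kind} SNC name lacks the 'p:' prefix"))
        if kind == "P" and len(f) > 1 and f[1] == "*":
            findings.append((no, "P entry admits any source without SNC"))
        if len(f) >= 4:  # explicit ports must precede the '*' port entry
            key = (kind, f[1], f[2])
            if f[3] == "*":
                wildcard_at.setdefault(key, no)
            elif key in wildcard_at:
                findings.append((no, f"port {f[3]} listed after '*' on line {wildcard_at[key]}"))
    if last != ["D", "*", "*", "*"]:
        findings.append((0, "table does not end with 'D * * *'"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit_saprouttab(SAMPLE):
        print(line_no, message)
```

Run against the sample, it reports the misplaced port 3200, the SNC name without "p:", the open P entry and the missing final deny rule.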