Step by Step SAP Router certificate renewal [Linux]

Follow the steps

Normally saprouter is installed on Solution Manager and solman sidadm user will be used to administer saprouter.

1. Login using saprouter administrator user. in my case, it is the same as solman sidadm.

2. Locate saprouter root directory. Normally it will be found at /usr/sap/saprouter

command: cd /usr/sap/saprouter

3. Check saprouter validity and distinguished name/DN. Note down DN as it will be used at later stage.

command: sapgenpse get_my_name

4. Take backup of saprouter directory.

command: cp -rf saprouter saprouter_backup

All the below command will be run from inside sap router root directory.

5. Stop sap router

command: ./saprouter.sh -s

6. Take backup of certreq, cred_v2, getcert.cer, local.pse, srcert in backup directory and delete the files or rename the files.

or 



7. Run the following command

    sapgenpse get_pse –v –r certreq –p local.pse “your distinguish name”

    it will ask for pass-phrase or pin

8. Open https://support.sap.com/en/tools/connectivity-tools/saprouter.html and navigate using “apply for an SAProuter certificate”(this link button will be somewhere in the middle of the page, you may need to scroll down a bit.)





9. Select sap router and continue by clicking Submit CSR.




10. Copy and paste contents of certreq file to the textbox and click on "request certificate"



11. Copy and paste contents of the generated certificate into new file srcert in saprouter root directory. if it doesn't exist in the directory, create it using vi or vim command or using any test editor.

12. Run command 
     sapgenpse import_own_cert -c srcert -p local.pse

13. Now we have to create the SSO credentials for the SAProuter with command
      sapgenpse seclogin -p local.pse



14. Now check if certificate is loaded correctly or not by executing following command
      sapgenpse get_my_name



Here validity is renewed.

15. Start sap router now.