Skip to Content

SAP Router Issue - PSE & CSR

When trying to renew the cert for our SAProuter, I'm getting issues creating a CSR for use during Step 2 in the "Request Certificate for SAProuter". When I run the command sapgenpse get_pse –v –r certreq –p local.pse "your distinguished name” it only creates a local.pse for me and not a certreq file (I believe it's supposed to do both?). I believe the contents of the certreq file is what needs to be Copy & Pasted into the SAP Portal for the certificate to be generated, correct? If so, how can I get it since the file is not being created?


I basically used the instructions here for a guide >> Sap Router Certificate Renewal Process

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Jan 08, 2015 at 06:28 PM

    Hello Jordan,

    I think you are deleting the files before running the command.

    And running the command on saprouter folder.

    Do you get all successsfull messages like below?

    Creating PSE with format v2 (default)

    Generating key (RSA, 2048-bits) ... succeeded.

    certificate creation... ok

    PSE update... ok

    PKRoot... ok

    Generating certificate request... ok.

    Regards,

    Yuksel AKCINAR

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 08, 2015 at 08:35 PM

    I think you're trying to combine two steps into one step. Read this document, I think this will help you out. http://scn.sap.com/community/netweaver-administrator/blog/2012/11/03/sap-router-certificate-renewal-process

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 09, 2015 at 03:32 PM

    Now, when running Step 1 "check for the validity of the saprouter certificate" I get the following:

    Very weird.


    Capture.PNG (4.0 kB)
    Add comment
    10|10000 characters needed characters exceeded

    • Quick question;

      Are you running the sapgenpse command from the directory where the saprouter and SAP Cryptographic files installed?

      Follow this link : https://websmp104.sap-ag.de/saprouter-sncdoc

      The command can be split into two. Try that and see if that helps.


      Generate the certificate Request with the command:

      sapgenpse get_pse -v -r certreq -p local.pse "<Distinguished Name>"

      Example:

      sapgenpse get_pse -v -r certreq -p local.pse "CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE"

      Alternatively use the two commands:

      sapgenpse get_pse -v -noreq -p local.pse "<Distinguished Name>"

      sapgenpse get_pse -v -onlyreq -r certreq -p local.pse

      Cheers

      RB

  • avatar image
    Former Member
    Jan 09, 2015 at 04:01 PM

    Are you logged on with the user which the pse was created?

    Regards,

    Rishi

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 09, 2015 at 04:14 PM

    Also you can check the below blog

    Regards,

    Rishi

    Add comment
    10|10000 characters needed characters exceeded