Skip to Content
author's profile photo
Former Member

saprouter Certificate Expired

It appears that our the certificate that our saprouter.exe uses has expired. I am not able to create connections to our saprouter from the Service Marketplace. I get the following in the dev_rout file in E:\usr\sap\saprouter

Mon Dec 10 15:18:39 2007

      • ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE'

      [sncxxall3374]*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3340]

      GSS-API(maj): The referenced credentials have expired

      GSS-API(min): Validity date of certificate is invalid

      Unable to establish the security context

      target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

          • ERROR => ErrISetSys: error info too large [err.c 931]

          Mon Dec 10 15:18:39 2007

          LOCATION SAProuter 38.0 on 'sapslm01'

          ERROR GSS-API(maj): The referenced credentials have expired

          GSS-API(min): Validity date of certificate is invalid

          target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

          TIME Mon Dec 10 15:18:39 2007

          RELEASE 700

          COMPONENT SNC (Secure Network Communication)

          VERSION 5

          RC -4

          MODULE sncxxall.c

          LINE 3340

          DETAIL SncPEstablishContext

          SYSTEM CALL gss_init_sec_context

          ERRNO

          ERRNO TEXT

          DESCR MSG NO

          DESCR VARGS GSS-API(maj): The referenced credentials have expired;;;;

          ;;;;GSS-API(min): Validity date of certificate is invalid;;;;

          ;;;;target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

          DETAIL MSG N

          DETAIL VARGS

          COUNTER 72

          <<- ERROR: SncProcessOutput()==SNCERR_GSSAPI

              • ERROR => NiSncIInitHdlSecurity: SncProcessOutput failed (rc=-4;00000000002A7050) [nisnc.c 1098]

              • ERROR => NiSnc2Connect C1/-1, 194.39.131.34 (rc=-17) [nirout.cpp 2811]

              • ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 'sapslm01.OII.DOM' failed (rc=-17) [nirout.cpp 2238]

              How do I renew this certificate? I did not setup the saprouter and the person who did is no longer here. Please advise.

              Add comment
              10|10000 characters needed characters exceeded

              • Follow
              • Get RSS Feed

              2 Answers

              • Best Answer
                author's profile photo
                Former Member
                Dec 11, 2007 at 06:27 AM

                Hello Drew,

                For configuring the SAP router follow the steps below.

                Step 1:

                Download the SAP Router and SAP Cryptographic software from market place and place this under the folder usr\sap\saprouter. This folder is called as saprouter’s home folder. Extract these files with sapcar.

                Step 2:

                Apply for the certificate with the distinguished name of your company. This distinguished name can be found in service market place under the link

                http://service.sap.com/saprouter-sncadd and the certificate for saprouter should be applied in the same link.

                Step 3:

                With this distinguished name generate the PSE file with sapgenpse program located in saprouter folder.

                Step 4:

                After generating certreq file in saprouter folder edit the file and copy the content of the file under the link http://service.sap.com/saprouter-sncadd

                Step 5:

                After copying click “Request Certificate” in right most corner which generates the required certificate.Copy the content of the generated file and paste it into a text file in saprouter folder. Rename the file into “srcert” and install the certificate using sapgenpse command.The PIN which we have given in the previous step should be correctly to install the certificate.

                Step 6:

                After installing the certificate successfully credentials were to be added to the certificate. Only the added credentials will be allowed to start the saprouter program.

                Step 7:

                After adding credentials we can check the installation of certificate with sapgenpse command.

                Step 8:

                After verifying the certificate the SAPRouter program will be started in port number 3299.

                Note:

                SAP Router table should be correctly defined for accessing the systems through SAP router.

                regards,

                Anandha Krishnan R

                Add comment
                10|10000 characters needed characters exceeded

              • author's profile photo
                Former Member
                Dec 10, 2007 at 10:35 PM

                How to Request license key?

                http://service.sap.com/licensekey>

                regards,

                tamilboy

                Add comment
                10|10000 characters needed characters exceeded