on 09-18-2014 6:46 AM
Hello!
I am trying to make s sap router tunnel with this instruction:
How to setup SNC connection between SAProuters - Basis Corner - SCN Wiki
When I run niping I get an error:
I run sapgenpse get_pse -v -noreq -p local.pse "CN=saprouter" where saprouter is the name of the local user. Maybe I am wrong ?
What should I write in CN ? Maybe host\username ? In other instructions I see that peoples make the certificate like:
CN=sgw, OU=IT, O=FTVL, C=COM, but I don't know how to use it for the local user on host, like CN=username, O=computername, C=domainname. C=local
Thanks!
I fixed it! Thanks for all! It was my mistake.
The problem was in sap route tab, I should use KT "p:CN=<name of certificate of REMOTE HOST">
So in KP too.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Could you check with SAP KBA
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Igor,
As you must have read this:
On SAProuter host1, run:
sapgenpse get_pse -v -noreq -p local.pse "CN=MYSAPROUTER1"
sapgenpse seclogin -p local.pse
Here you have to use the hosthame of the router from which you will generate the certificate and then exchange.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I did it, but I got the same error.
After NIPING in dev_rout I see:
Thu Sep 18 10:53:11 2014
*** ERROR => SncPEstablishContext() failed for target='p:CN=<MYHOST>' [sncxxall.c 3585]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3551]
GSS-API(maj): A token had an invalid signature
GSS-API(min): The name is wrong
Unable to establish the security context
target="p:CN=<MYHOST>"
<<- SncProcessInput()==SNCERR_GSSAPI
*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;000000000249FA20;789) [nisnc.c 1010]
Sapgenpse get_my_name -v -n Issuer:
first host:
Opening PSE "C:\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "saprouter"
with PSE file "C:\saprouter\local.pse"
Issuer : CN=<myhost>
second host:
Opening PSE "C:\saprouter\local.pse"...
PSE (v2) open ok.
Retrieving my certificate... ok.
Getting requested information... ok.
SSO for USER "saprouter"
with PSE file "C:\saprouter\local.pse"
Issuer : CN=<my_second_host>
Hi,
What should I write in CN ? Maybe host\username ?
Here you should use hostname instead of username for which you generated router certificate.
Regards,
Gaurav
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.