cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Router Issue - PSE & CSR

former_member203007
Participant
0 Kudos

When trying to renew the cert for our SAProuter, I'm getting issues creating a CSR for use during Step 2 in the "Request Certificate for SAProuter". When I run the command sapgenpse get_pse –v –r certreq –p local.pse "your distinguished name” it only creates a local.pse for me and not a certreq file (I believe it's supposed to do both?). I believe the contents of the certreq file is what needs to be Copy & Pasted into the SAP Portal for the certificate to be generated, correct? If so, how can I get it since the file is not being created?


I basically used the instructions here for a guide >>

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
0 Kudos

Also you can check the below blog

Regards,

Rishi

Former Member
0 Kudos

Are you logged on with the user which the pse was created?

Regards,

Rishi

former_member203007
Participant
0 Kudos

I unfortunately would have no way of knowing as this was set up by our SAP implementation team who are no longer here =/

I am using the Admin account that they set up for SAP to RDP into the server with.

Former Member
0 Kudos

Please Use "sidadm" instead of admin account.

Regards,

RIshi

former_member203007
Participant
0 Kudos

Now, when running Step 1 "check for the validity of the saprouter certificate" I get the following:

Very weird.

Reagan
Advisor
Advisor
0 Kudos

Quick question;

Are you running the sapgenpse command from the directory where the saprouter and SAP Cryptographic files installed?

Follow this link : https://websmp104.sap-ag.de/saprouter-sncdoc

The command can be split into two. Try that and see if that helps.


Generate the certificate Request with the command:

sapgenpse get_pse -v -r certreq -p local.pse "<Distinguished Name>"

Example:

sapgenpse get_pse -v -r certreq -p local.pse "CN=example, OU=0000123456, OU=SAProuter, O=SAP, C=DE"

Alternatively use the two commands:

sapgenpse get_pse -v -noreq -p local.pse "<Distinguished Name>"

sapgenpse get_pse -v -onlyreq -r certreq -p local.pse

Cheers

RB

michael_ruth3
Contributor
0 Kudos

I think you're trying to combine two steps into one step. Read this document, I think this will help you out. http://scn.sap.com/community/netweaver-administrator/blog/2012/11/03/sap-router-certificate-renewal-...

former_member203007
Participant
0 Kudos

That's the document I've been following and is linked in my original post. Thanks though!

yakcinar
Active Contributor
0 Kudos

Hello Jordan,

I think you are deleting the files before running the command.

And running the command on saprouter folder.

Do you get all successsfull messages like below?

Creating PSE with format v2 (default)

Generating key (RSA, 2048-bits) ... succeeded.

certificate creation... ok

PSE update... ok

PKRoot... ok

Generating certificate request... ok.

Regards,

Yuksel AKCINAR

former_member203007
Participant
0 Kudos

Well it runs through it and closes before I can see anything...so far, all I can see it creates is a local.pse file, nothing more.

yakcinar
Active Contributor
0 Kudos

Hello Jordan,


Firstly Run "cmd" to goto Command Prompt.

Then cd to saprouter directory.


And then run sapgenpse get_pse –v –r certreq –p local.pse "your distinguished name”

Now it must not close and you must have seen the log.

Regards,

Yuksel AKCINAR

former_member203007
Participant
0 Kudos

When running your command, it literally says "Huh? I found 5 trailing unrecognized parameters on commandline!?"

Haha, love that they included "Huh" lol