Installing the sapcrypto library and starting the SAProuter

Contents
• Downloading necessary software components from SAP Service Marketplace
• Creating the certificate request
• Additional actions necessary before you can start saprouter
This section describes the necessary steps to download and install the sapcrypto library
for use with saprouter. The saprouter must be started with the options described later in
this section.
The license for the sapcrypto library covers ONLY saprouter connections between saprouters at
SAP and the first saprouter on customer sites. For all other purposes the library CANNOT be used!
Downloading necessary software components from SAP Service Marketplace
1. Login to the SAP Service Marketplace with the Service Marketplace USERID
which is assigned to your installation.
2. Change to the alias SAPROUTER-SNCADD. Before you can download the
software components two preconditions must be met.
a. You must have been allowed to download the software. This authorization is added as
soon as SAP has received a positive statement from the "Bundesausfuhramt". This
procedure is necessary since the software falls under EU regulations.
b. For more information on how to obtain authorization if download is not possible see note
397175.
c. You must accept that you must follow the regulations imposed by the EU on the use and
distribution of the cryptographic software components downloaded from the SAP Service
Marketplace.
3. The acceptance of the terms and conditions is logged with your USERID and
stored for reporting purposes to the "Bundesausfuhramt".
4. Accepting with the button on the web-based form takes you to the folder where
you can download the Software components.
These are packed into a single CAR file, sapcrypto.car.
5. Copy the file to the directory where the saprouter executable is located.
6. You can get the file car.exe/sapcar.exe, which is necessary to unpack the
archive, from any Installation Kernel CD.
Executing the command car -xvf SAPCRYPTO.CAR will unpack the following files:
[lib]sapcrypto.[dll|so|sl]
sapgenpse[.exe]
ticket
Creating the certificate request
1. As user <snc>adm set the environment variables
SECUDIR = <directory_of_saprouter>
2. Go to the Trust Center Service - Download Area and get the "Distinguished
Name" for your SAProuter from the list of SAProuters registered for your
installation.
3. Generate the certificate Request with the command
sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"
4. Alternatively use the two commands:
sapgenpse get_pse -v -noreq -p local.pse "<Your Distinguished Name>"
sapgenpse get_pse -v -onlyreq -r certreq -p local.pse
5. Display the output file "certreq" and with copy&paste insert the certificate request
into the text area of the same form on the SAP Service Marketplace from which
you copied the Distinguished Name
6. In response you will receive the certificate signed by the CA in the Service
Marketplace. Cut&paste the text to a local file named srcert.
7. With this in turn you can install the certificate in your saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
8. Now you will have to create the credentials for the SAProuter with the same
program (if you omit -O <user>, the credentials are created for the logged-in user
account):
sapgenpse seclogin -p local.pse -O <user_for_saprouter>
9. This will create a file called cred_v2 in the same directory.
For increased security please check that the file can only be accessed by the user
running the SAProuter.
Do not allow any other access (not even from the same group)!
On UNIX this will mean permissions being set to 600 or even 400!
On NT check that the permissions are granted only to the user the service is
running as!
10. Check if the certificate has been imported correctly
sapgenpse get_my_name -v -n Issuer
The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
11. If this is not the case, delete the files cred_v2, local.pse and start over at Item 4.
If the output still does not match please open a customer message in component
XX-SER-NET-OSS stating the actions you have taken so far and the output of
the commands
4.,7.,8. and 10.
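A check for steps 9 and 10, as an added example that is not part of the original SAP instructions. The helper names check_cred_file and issuer_matches are hypothetical, and the issuer check assumes the sapgenpse output contains the issuer name exactly as it is printed in step 10.

```shell
#!/bin/sh
# Added example, not SAP code: verify the result of steps 9 and 10.

# check_cred_file PATH: prints findings and returns 1 unless PATH is a regular
# file owned by the current user with mode 600 or 400.
check_cred_file() {
    f=$1; rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: missing or not a regular file"; return 1
    fi
    # ls -ldn prints the mode string and the numeric owner; keep only the first
    # 10 characters of the mode so a trailing ACL/SELinux marker is ignored.
    mode=$(ls -ldn "$f" | awk '{ print substr($1, 1, 10) }')
    owner=$(ls -ldn "$f" | awk '{ print $3 }')
    case $mode in
        -rw-------|-r--------) ;;
        *) echo "$f: mode is $mode, expected -rw------- (600) or -r-------- (400)"; rc=1 ;;
    esac
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not by the current user (uid $(id -u))"; rc=1
    fi
    return $rc
}

# issuer_matches: reads the output of "sapgenpse get_my_name -v -n Issuer" on
# stdin and succeeds only if it contains the issuer name given in step 10.
# Assumption: the tool prints the name in exactly this spelling.
issuer_matches() {
    grep -F -q 'CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE'
}

# Run the file check when SECUDIR is set, as in step 1.
if [ -n "${SECUDIR:-}" ]; then
    check_cred_file "$SECUDIR/cred_v2" || echo "fix cred_v2 before starting saprouter"
fi
```

The issuer check is used as: sapgenpse get_my_name -v -n Issuer | issuer_matches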
Additional actions necessary before you can start saprouter
1. The environment variable SNC_LIB needs to be set for the user account SAProuter is running
under.
SNC_LIB has the form
UNIX: <path_to_libsecude>/<name_of_sapcrypto_library>
Windows NT, Windows 2000: <drive>:\<path_to_libsecude>\<name_of_sapcrypto_library>
2. Check that the environment of the user running saprouter contains the environment variable SNC_LIB:
UNIX: printenv
Windows NT: System environment variable
3. Start the saprouter with the following command line:
saprouter -r -S <port> -K "p:<Your Distinguished Name>"
-K tells the saprouter to start by loading the SNC library.
The corresponding file ./saprouttab should contain at least the following entries:
# inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <your_server1> <port_number>
# repeat this for the servers and port_numbers you will need to allow,
# please make sure that all explicit ports are inserted in front of a
# generic entry '*' for port_number
# outbound connections to <sapservX> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <sapservX> <sapservX_inbound_port>
# permission entries to check if connection is allowed at all
P <IP address of a local host> <IP address of sapserv2>
# all other connections will be denied
D * * *
Example:
For a SNC encrypted connection to the SAPRouter on sapserv2 (194.39.131.34),
the saprouttab should contain the following entries:
# SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> <R/3-Instance>
# SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 1503
# SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <R/3-Server> 23
# Access from the local Network to SAPNet - R/3 Frontend (OSS)
P <IP-address of a local PC> 194.39.131.34 3299
# deny all other connections
D * * *
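The rules stated for saprouttab above (the SNC name on every KP/KT entry, explicit ports in front of a generic '*' entry, and a final deny-all) can be checked mechanically. This linter is an added example, not SAP code; the function name lint_saprouttab and the sample host r3host.example are assumptions, and the sample table is constructed.

```shell
#!/bin/sh
# Added example, not SAP code: lint a saprouttab against the rules on this page.
# Usage: lint_saprouttab FILE "EXPECTED SNC NAME"; prints findings, returns 1 if any.
lint_saprouttab() {
    awk -v want="$2" '
    /^[ \t]*#/ { next }                        # skip comments
    /^[ \t]*$/ { next }                        # skip blank lines
    {
        snc = ""
        if (match($0, /"[^"]*"/)) {            # the quoted SNC name contains spaces
            snc = substr($0, RSTART + 1, RLENGTH - 2)
            $0 = substr($0, 1, RSTART - 1) "SNC" substr($0, RSTART + RLENGTH)
        }
        $1 = $1; last = $0                     # collapse runs of whitespace
        if ($1 ~ /^K[PT]$/) {
            if (snc != want) { printf "line %d: unexpected SNC name \"%s\"\n", NR, snc; bad = 1 }
            key = $1 SUBSEP $3                 # entry type + destination host
        } else {
            key = $1 SUBSEP $2 SUBSEP $3       # entry type + source + destination
        }
        port = $4
        if (port == "*" || port == "") generic[key] = NR
        else if (key in generic) {
            printf "line %d: explicit port %s follows generic entry on line %d\n", NR, port, generic[key]
            bad = 1
        }
    }
    END {
        if (last != "D * * *") { print "last entry is not the deny-all D * * *"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a comma is missing in the KT name, and port 1503 is
# listed after the generic entry for the same server.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample table, r3host.example is a placeholder
KT "p:CN=sapserv2 OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host.example *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" r3host.example 1503
P 10.0.0.5 194.39.131.34 3299
D * * *
EOF
lint_saprouttab "$demo" "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" || echo "saprouttab needs fixing"
rm -f "$demo"
```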
File name: arquivo2.doc
Folder: P:\Temp\Solution Manager
Template: C:\Documents and Settings\c5032358\Application Data\Microsoft\Templates\Normal.dot
Title: Installing the sapcrypto library and starting the SAProuter
Author: Ricardo Magalhaes
Created: 14/5/2002 17:16
Number of revisions: 2
Last saved: 14/5/2002 17:16
Saved by: Ricardo Magalhaes
Total editing time: 1 minute
Last printed: 17/5/2002 16:31
As of the last printing:
Number of pages: 4
Number of words: 964 (approx.)
Number of characters: 5,500 (approx.)