January 20, 2011

How to configure and create SAP router service with SNC via NTSCMGR

Steps to do when setting up SAP router via Secure Network Comm (SNC). A note for future reference.

Hope this helps others too.

Part A.
The first thing you need to do, is to send a customer message to SAP
Support (component XX-SER-NET-OSS-NEW) and tell them to register the
hostname and IP of your new SAProuter.

Part B.
After you’ve received a confirmation from SAP that your SAProuter has
been registered, you are ready to configure your SAProuter.

If your SAProuter directory is N:\usr\sap\saprouter, these are the steps
to follow.

Note: You will be asked for a PIN code. Just pick your own 4 numbers, but
you’ll have to use the same PIN every time you’re asked to enter one.

1. Set 2 environment variables: SECUDIR and SNC_LIB according to the
guide you’ve downloaded.
example for variable setting below:
SECUDIR = N:\usr\sap\saprouter\
SNC_LIB = N:\usr\sap\saprouter\NTIA64\sapcrypto.dll (choose NTIA64 if your system is Itanium)

2. Download the SAP Crypto Library and unpack it into

3. To generate a certificate request, run the command:
sapgenpse get_pse -v -r N:\usr\sap\saprouter\certreq -p
N:\usr\sap\saprouter\local.pse “”

4. Then you have to follow the guide and request the certificate from
http://service.sap.com/tcs -> Download Area -> SAProuter Certificate

5. Create a file N:\usr\sap\saprouter\srcert and copy the requested
certificate into this file. The run the command:
sapgenpse import_own_cert -c N:\usr\sap\saprouter\srcert -p

6. To generate credentials for the user that’s running the SAProuter
service, run command:
sapgenpse seclogin -p N:\usr\sap\saprouter\local.pse -O
(this will create the file “cred_v2″)

7. Check the configuration by running command:
sapgenpse get_my_name -v -n Issuer
Result should be: “CN=SAProuter CA, OU=SAProuter,

8. Create SAProuter service on Windows with the command:
ntscmgr install SAProuter -b N:\usr\sap\saprouter\saprouter.exe -p
“service -r -R N:\usr\sap\saprouter\saprouttab -W 60000 -K ^p:^”

9. Edit the Windows Registry key as follows:
r\ImagePath –> Change both ^ to “

Add the value of issuer from step 7..
end value should be -K "p:CN=SAProuter CA, OU=SAProuter,

10. Start the SAProuter service with your SNC user from step 6.

11. Enter the required parameters in OSS1 -> Technical Settings

12. Test your SAP router