How to renew SAProuter Certificate Step by Step

In this example, it will show the steps on how to check the SAProuter Validity and how to renew the SAProuter certificate.

What is SAP Router Certificate?


An SAProuter certificate is a digital certificate that is used to authenticate and encrypt traffic between SAProuter instances. SAProuter is a software program that is used to route traffic between SAP systems and external networks. It is a critical component of SAP’s security infrastructure, and it helps to protect SAP systems from unauthorized access and attacks.

SAProuter certificates are issued by SAP and are valid for one year. They can be renewed at the end of each year.

To use an SAProuter certificate, you must install it on both SAProuter instances that are communicating with each other. Once the certificates are installed, the SAProuter instances will be able to authenticate and encrypt traffic between them.

SAProuter certificates are an important part of SAP’s security infrastructure, and they help to protect SAP systems from unauthorized access and attacks. It is important to keep your SAProuter certificates up to date to ensure the security of your SAP systems.

Here are some of the benefits of using SAProuter certificates:

  • Authentication: SAProuter certificates help to authenticate SAProuter instances to each other. This helps to prevent unauthorized access to SAP systems.
  • Encryption: SAProuter certificates help to encrypt traffic between SAProuter instances. This helps to protect data from being intercepted by unauthorized third parties.
  • Security: SAProuter certificates help to improve the security of SAP systems by making it more difficult for attackers to gain unauthorized access to them.

Steps to check the SAProuter certificate validity.

1) Login to the system where the sap router has been installed with the <SID>adm account
    Execute: –

sapgenpse get_my_name -v -n Issuer
sapgenpse get_my_name

Expired certificate that causes the SAP system connectivity failed.

How to renew SAProuter Certificate Step by Step

Steps to renew the SAP router certificate

1) Login to the SAP support portal -> Tools -> Connectivity Tools -> SAProuter

How to renew SAProuter Certificate Step by Step
How to renew SAProuter Certificate Step by Step

2) Scroll Down until you find the heading SAProuter Certificates, Click Apply for a SAProuter Certificate.

How to renew SAProuter Certificate Step by Step

3) Copy the “Distinguished name” to be use for certificate creation process later.

How to renew SAProuter Certificate Step by Step
How to renew SAProuter Certificate Step by Step
Copy Distinguished Name

4) Login to the system where the sap router been installed with the <SID>adm account
    Backup these files: – certreq, cred_v2, local.pse, srcert

How to renew SAProuter Certificate Step by Step

5) Stop the SAP router service

How to renew SAProuter Certificate Step by Step

6) Execute: –

sapgenpse get_pse -v -r certreq1 -p local.pse

IF you got an error that PSE already Exists as shown in the below image. then delete the local.pse

How to renew SAProuter Certificate Step by Step

Delete local.pse

How to renew SAProuter Certificate

Execute again: –

sapgenpse get_pse -v -r certreq1 -p local.pse


Create a new PIN when prompted that will be used later in the certificate creation process Paste the distinguished name that was copied from the SAP support portal previously.

How to renew SAProuter Certificate Step by Step

7) Examine that the “certreq1” file has been created. Copy all the contents of the file.

How to renew SAProuter Certificate Step by Step

Open the file certreq1 in Notepad

How to renew SAProuter Certificate Step by Step

8) Paste the “certreq1” file’s contents into the SAP portal text box and click “Request Certificate”

Click Submit CSR

How to renew SAProuter Certificate Step by Step

Past here and Click Request Certificate

How to renew SAProuter Certificate Step by Step

9) Again, copy all the contents generated from the portal.

How to renew SAProuter Certificate Step by Step

10) Paste the copied contents into notepad and save in as “srcert” file in the SAP router folder

Note: –
Before to do it, rename the existing file srcert.

How to renew SAProuter Certificate Step by Step
How to renew SAProuter Certificate Step by Step
How to renew SAProuter Certificate Step by Step

11) Install the certificate, execute: –

sapgenpse.exe import_own_cert -c srcert -p local.pse
How to renew SAProuter Certificate Step by Step

12) Create the “cred_v2” file, execute: – sapgenpse seclogin -p local.pse with the PIN created earlier (Step 7)

sapgenpse seclogin -p local.pse
How to renew SAProuter Certificate Step by Step

13) Check the newly created certificate and the validity date been updated
       Execute: –

sapgenpse get_my_name -v -n Issuer
sapgenpse get_my_name
How to renew SAProuter Certificate Step by Step

14) Start the SAP router service

How to renew SAProuter Certificate Step by Step

Leave a Comment