2008年水泥项目06tc交流技术oss安装5.3snc saprouter

SNCSNCSAP全球支持–中议议1SNC1SNC2SNCSAProuter的实SAPAG2003,TitleofPresentation,SpeakerName/1SNC1SNC2SNCSAProuter的实SAPAG2003,TitleofPresentation,SpeakerName/SNCSNCSAPService ->Download->SAPCryptographicR/330289SAProuter525751将SNCSAProuter作为NTR/3搜索词：SNCSAPAG2003,TitleofPresentation,SpeakerName/SNCSNC操作流SNC帮助接入外部安全产品CryptographicLibrarySAPAG2003,TitleofPresentation,SpeakerName/SNCSNCSNC实施图SAP应用SAP内核SAP网络库库API=GSSAPISAPAG2003,TitleofPresentation,SpeakerName/SNCSNC使用RSA实施公共密钥基础设施（PKI） 1024同时使用SHA-1等散列功每个安装都收到一个PSE（个人安全环境SAPAG2003,TitleofPresentation,SpeakerName/散列功能应用于标记过的使 密钥加密散列加密后的散列值SAPAG2003,TitleofPresentation,SpeakerName/将标记过的信息和数字签名都发送给接收接收方对信息应用散列功能，对数字签名应用发送方的SAPAG2003,TitleofPresentation,SpeakerName/公共密钥的每位用户 决定密钥持有者的问只有解决了这个问题后，数字签名才可SAPAG2003,TitleofPresentation,SpeakerName/ CA检 并确定公共密钥的持有将X.509标准作 结构包公共密钥 的公共密钥签 的CA名称 者的识别名有效期 持有 的识别名签发CA的独特编号（序列号SAPAG2003,TitleofPresentation,SpeakerName/个人安全环境（PSE）用 与安全相关的信PSE （PIN码）的保护，只有PSE持有者一人知PSE包 （公共根密钥持有者的相相关的加 密 密钥受 时，即他人 的情况下获得该密钥时，用注意到了这种情况，则CA 这 密 SAPAG2003,TitleofPresentation,SpeakerName/1SNC1SNC2SNCSAProuter的实SAPAG2003,TitleofPresentation,SpeakerName/SNCSNCSAProuterSAProuter通过SAP-SNC层支持使用SAPCryptographic借此方法可保证SAProuters间的安全通必须通报每个SAProuter，通报时附带通信合作伙伴的SNC名SAPAG2003,TitleofPresentation,SpeakerName/SNCSNCSAProuter图例（主机主机加密的主主机SAPAG2003,TitleofPresentation,SpeakerName/1SNC1SNC2SNCSAProuter的实SAPAG2003,TitleofPresentation,SpeakerName/在SAP服 版本的->->SupportPackagesand->EntrybyApplication->Additional->->SAPROUTER自由带宽-64K或 （注：不是整条线路的带宽，而是保证SNC连接的带对于到SAPSupport的SNC连接，不提供用于sapserv2的SAPAG2003,TitleofPresentation,SpeakerName/SAPCryptographic安装Library（打开 通过sapgenpse创建创 请在SAPService 为SNC连接设置路 启动Saprouter（手动SAPAG2003,TitleofPresentation,SpeakerName/sapcryptolibrary的 个SAProuter间的一条连接。library不能用于其他目的。注 ，以便在SAPServiceMarket 和安装时必须提供SAP服 的USER-ID（基于客户编号必须保存用于USER-ID的电子邮件地址，以便自动接收由SAP可信服务中心（TrustCenterService）发送的 SAPAG2003,TitleofPresentation,SpeakerName/将文件xxxxxxx.car拷贝到SAProuterbinary所在的路径（打开CAR文件需要car.exe或Win32forx86/IA32） SAPAG2003,TitleofPresentation,SpeakerName/管理人员（用户 管理机构）必须Saprouter的运行定义系统环境变WindowNT环境的变量设右击计算机图标（属性→高级→环境变量在系统环境变量下，定义SECUDIRSECUDIR=Example:SECUDIR=SNC_LIBExample:SNC_LIB= SAPAG2003,TitleofPresentation,SpeakerName/SNCSNC 通过为您分配的ServiceMarket 从SAPService ce向SAPTCS申请ApplySAPAG2003,TitleofPresentation,SpeakerName/SNC 选择您在 的识别名（用于SAPGENPSE的参数）并点击“继续”识别名示

SAPAG2003,TitleofPresentation,SpeakerName/SNCSNC 通过以下命令生 请 \sapgenpseget_pse–v–rcertreqlocal.pse实 \sapgenpseget_pse–v–rcertreq“CN=SNC-SAProuter, ,OU=SAP,O=SAP,输入您的PIN，为本地PSE提 保Pleaseenterddistinguishedname:"CN=SNC-SAProuter,OU= OU=SAProuter,O=SAP,C=DE"Generatingkey(RSA,1024-bits)...creation...PSEupdate...okPKRoot...,Tfreetaton, request...SNCSNC 在以下路径中创建文件"certreq"显示输出文件“certreq”，通过拷贝粘贴将 ServiceMarket ce及Requestforthe SAPAG2003,TitleofPresentation,SpeakerName/SNCSNC CA将通过SAPService 将CA签发 拷贝粘贴到本地文件实例通过以sapgenpseimport_own_cert-csrcert-p在运行SAProuter程序的用户帐户下为SAProuter创建sapgenpseseclogin-plocal.pse–O<SNC-注必须始终完整 SAPAG2003,TitleofPresentation,SpeakerName/SNCSNC 这将在路径C:\sap\saprouter下创建文件为安全起见，请检查以确保只有运行SAProuter的用户才 该文不允许其他任何 文件（即使是同事在Unix环境下，这意味着标有 的SNCSAProuter同时支持写，而标有400的只支 功能在NT环境下，检查以确定只 授予了运行此项服务的用户SAPAG2003,TitleofPresentation,SpeakerName/SNC 检 是否准确导sapgenpseget_my_name-v-n人 应CN=SAProuterCA,OU=SAProuter,O=SAP,如果与要求不符，删除文件“local.pse”和“cred_v2”步骤，生 请如果在重复了安装步骤后仍未达到效果，请在以下部分输入客户息请求帮XX-SER-NET-SAPAG2003,TitleofPresentation,SpeakerName/路路 表文件C:\sap\saprouter\saprouttab#OutboundconnectionstoSAPwilluseSNCKT =sapserv2,OU=SAProuter,O=SAP,C=DE“4#InboundconnectionsfromSAPMUSTuseSNCcommunication#Note:#<IP-address>shouldbe cedwiththeinternalIP-address#theR/3#<Instance>shouldbere cedwiththesystemnumberofyourR/3#(e.g.3200)KP =sapserv2,OU=SAProuter,O=SAP,C=DE“<IP-address>#Permissionentriestoverify,ifaconnectionisallowed##Note:<IP-address>shouldbe cedwithPC’sandR/3#allowedtoconnecttoSAPNet–R/3P<IP-address>4#DenyallotherconnectionsD***SAPAG2003,TitleofPresentation,SpeakerName/启动SAProuter启动SAProuter（手动通过以下命令启动saprouter-r–S<port>-K"p:<YourDistingushed 启动saprouter- 规定运行saprouter程序的服务端口（缺省设实C:\sap\saprouter\saprouter-r-S3290–K=SNC-实C:\sap\saprouter\saprouter-r-S3290–K=SNC-,OU=SAProuter,_dev_routnologgingSAPAG2003,TitleofPresentation,SpeakerName/1SNC1SNC2SNCSAProuter的实SAPAG2003,TitleofPresentation,SpeakerName/测试工tosapserv2 服务技术准备(notes阅 文件，支持连SAProuter主机上的文件SAPAG2003,TitleofPresentation,SpeakerName/错误范网配错误日志文文SAPAG2003,TitleofPresentation,SpeakerName/网络连接错Couldnotconnectto（无法连接到配置错Routepermission 路 Saprouter–r–R<routtab>-K<myname>-Gsaprouter.log[–V错Sapgenpseget_my_name–nIssuer(ReviewofissueingSAPAG2003,TitleofPresentation,SpeakerName/ThuOct3107:37:34***ERROR=>GSS-API(maj):Atokenwas[sncxxall.cUnabletoestablishthesecurity<<-***ERROR=>NiSncRead:SncProcessInput(rc=-4)***ERROR=>NiSncOpcode:NiSncProcInrc=-17***ERROR=>NiBufReceiveC90,5(rc=-1)[nixxrout.c错误：无法建立安全性上下文环原因：未提供PSE名，未发现SSO凭解决方案：验证并重新安装SYSTEM变量SNC_LIB与SAPAG2003,TitleofPresentation,SpeakerName/ThuThuSep1812:31:36***ERROR=> [sncxxall.cGSS-API(maj):AtokenhadaninvalidGSS-API(min):ValiditydateUnabletoestablishthesecurityis<<-***ERROR=>NiSncRead:SncProcessInput(rc=-4)***ERROR=>NiSncOpcode:NiSncProcInrc=-17***ERROR=>NiBufReceiveC406,7(rc=-1)错误原因的有效期无失效，因此无法再连接到SAPce请求SAPAG2003,TitleofPresentation,SpeakerName/TueAug2710:26:46***ERROR=>SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c3153]GSS-API(maj):AtokenhadaninvalidsignatureGSS-API(min):CertificationpathendsatwrongUnabletoestablishthesecurityERROR=>NiSncRead:SncProcessInput(rc=-4)ERROR=>NiSncOpcode:NiSncProcInrc=-17NiBufReceiveC24,错误：认证路径终接在不适当的原因 人识别名错解决方SAPAG2003,TitleofPresentation,SpeakerName/

*******NI-ROUTERLOOPNiIRead:read1679,1packs,MESG_IO,handle3,data<<-returnvalues="(nodata)in=1679,back=155,out=0"NiIWrite:write155,1packs,MESG_IO,handle3,datacompleteNiIRead:read24,1packs,MESG_IO,handle3,datacomplete<<-returnvalues="(nodata)in=24,back=0,out=0"handshakeforhdl3=0<<-returnvalues="(Privacy)in=105of105,out=185"NiIWrite:write185,1packs,MESG_IO,handle3,datacomplete out-queue(hdl3,heapnow24)NiIRead:read8,1packs,MESG_IO,handle3,dataNiProcMsg:NI_PONGreceived,checkDATAfromC1(sapserv2a.wdf.sap-ag.de)sendPONGtoNiIWrite:write8,1packs,MESG_IO,handle2,datacompleteNiICheck:sendNI_PONGtopartnerNiBufSetParam:handle2,talkmodeROUT_IONiBufSetParam:handle3,talkmodeROUT_IOstatofC0/C1isLOGGED_IN上面显示的SAPAG2003,TitleofPresentation,SpeakerName/CopyrightCopyright2007SAPAG.AllNopartofthispublicationmaybereproducedortransmittedinanyformorforanypurposewithouttheexpresspermissionofSAPAG.Theinformationcontainedhereinmaybechangedwithoutpriornotice.SomesoftwareproductsmarketedbySAPAGanditsdistributorscontainproprietarysoftwarecomponentsofothersoftwarevendors. ,Windows,Excel,Outlook,andareregisteredtrademarksof IBM,DB2,DB2UniversalDatabase,OS/2,ParallelSysplex,MVS/ESA,AIX,S/390,AS/400,OS/390,OS/400,iSeries,pSeries,xSeries,zSeries,Systemi,Systemi5,Systemp,Systemp5,Systemx,Systemz,Systemz9,z/OS,AFP,InligentMiner,WebSphere,Netfinity,Tivoli,Informix,i5/OS,POWER,POWER5,POWER5+,OpenPowerandPowerPCaretrademarksorregisteredtrademarksofIBMCorporation.Adobe,theAdobelogo,Acrobat,PostScript,andReaderareeithertrademarksorregisteredtrademarksofAdobeSystemsIncorporatedintheUnitedStatesand/orothercountries.OracleisaregisteredtrademarkofOracleCorporation.UNIX,X/Open,OSF/1,andMotifareregisteredtrademarksoftheOpenCitrix,ICA,ProgramNeighborhood,MetaFrame,WinFrame, Frame,andMultiWinaretrademarksorregisteredtrademarksofCitrixSystems,Inc.HTML,XML,XHTMLandW3CaretrademarksorregisteredtrademarksofW3C®,WorldWideWebConsortium,MassachusettsInstituteofTechnology.JavaisaregisteredtrademarkofSunMicrosystems,Inc.JavaScriptisaregisteredtrademarkofSunMicrosystems,Inc.,usedunderlicensefortechnologyinventedandimplementedbyNetscape.MaxDBisatrademarkofMySQLAB,Sweden.SAP,R/3,mySAP, ,xApps,xApp,SAPNetWeaver,andotherSAPproductsandservicesmentionedhereinaswellastheirrespectivelogosaretrademarksorregisteredtrademarksofSAPAGinGermanyandinseveralothercountriesallovertheworld.Allotherproductandservicenamesmentionedarethetrademarksoftheirrespectivecompanies.Datacontainedinthis servesinformationalpurposesonly.Nationalproductspecificationsmayvary.Theinformationin isproprietarytoSAP.Nopartof maybereproduced,copied,ortransmittedinanyformorforanypurposewithouttheexpresswrittenpermissionofSAP isapreliminaryversionandnotsubjecttoyourlicenseagreementoranyotheragreementwithSAP.This containsonlyintendedstrategies,developments,andfunctionalitiesoftheSAP®productandisnotintendedtobebindinguponSAPtoanyparticularcourseofbusiness,productstrategy,and/ordevelopment.PleasenotethatthisissubjecttochangeandmaybechangedbySAPatanytimewithoutSAPassumesnoresponsibilityforerrorsoromissionsinthis .SAPdoesnotwarranttheaccuracyorcompletenessoftheinformation,text,graphics,links,orotheritemscontainedwithinthismaterial.This isprovidedwithoutawarrantyofanykind,eitherexpressorimplied,includingbutnotlimitedtotheimpliedwarrantiesofmerchantability,fitnessforaparticularpurpose,ornon-infringement.SAPshallhavenoliabilityfordamagesofanykindincludingwithoutlimitationdirect,special,indirect,orconsequentialdamagesthatmayresultfromtheuseofthesematerials.Thislimitationshallnotapplyincasesofintentorgrossnegligence.Thestatutoryliabilityfor alinjuryanddefectiveproductsisnotaffected.SAPhasnocontrolovertheinformationthatyoumayaccessthroughtheuseofhotlinkscontainedinthesematerialsanddoesnotendorseyouruseofthird-partyWebpagesnorprovideanywarrantywhatsoeverrelatingtothird-partyWebpages.SAPAG2003,TitleofPresentation,SpeakerName/CopyrightCopyright2007SAPAG.AlleRechteWeitergabeundVervielfältigungdieserPublikationodervonTeilendaraussind,zuwelchemZweckundinwelcherFormauchimmer,ohnedieausdrücklicheschriftlicheGenehmigungdurchSAPAGnichtgestattet.IndieserPublikationenthalteneInformationenkönnenohnevorherigeAnkündigunggeändertwerden.DievonSAPAGoderderenVertriebsfirmenangebotenenSoftwareproduktekönnenSoftwarekomponentenauchandererSoftwareherslerenthalten. WINDOWS®,NT®,EXCEL®,Word®, ®undSQLServer®sindeingetrageneMarkender IBM,DB2,DB2UniversalDatabase,OS/2,ParallelSysplex,MVS/ESA,AIX,S/390,AS/400,OS/390,OS/400,iSeries,pSeries,xSeries,zSeries,Systemi,Systemi5,Systemp,Systemp5,Systemx,Systemz,Systemz9,z/OS,AFP,InligentMiner,WebSphere,Netfinity,Tivoli,Informix,i5/OS,POWER,POWER5,POWER5+,OpenPowerundPowerPCsindMarkenodereingetrageneMarkenderIBMCorporation.Adobe,dasAdobeLogo,Acrobat,PostScriptundReadersindMarkenodereingetrageneMarkenvonAdobeSystemsInc.indenUSAund/oderanderenLändern.ORACLE®isteineeingetrageneMarkederORACLECorporation.UNIX®,X/Open®,OSF/1®undMotif®sindeingetrageneMarkenderOpenCitrix®,dasCitrix-Logo,ICA®,ProgramNeighborhood®,MetaFrame®, Frame®,MultiWin®undanderehiererwähnteNamenvonCitrix-sindMarkenvonCitrixSystems,HTML,DHTML,XML,XHTMLsindMarkenodereingetrageneMarkendesW3C®,WorldWideWebConsortium,MassachusettsInstituteofTechnology.JAVA®isteineeingetrageneMarkederSunMicrosystems,Inc.JAVASCRIPT®isteineeingetrageneMarkederSunMicrosystems,Inc.,verwendetunterderLizenzdervonNetscapeentwickeltenundimplementiertenTechnologie.MaxDBisteineMarkevonMySQLAB,Schweden.SAP,R/3,mySAP, ,xApps,xApp,SAPNetWeaver,undweitereimTexterwähnteSAP-Produkteund-DienstleistungensowiedieentsprechendenLogossindMarkenodereingetrageneMarkenderSAPAGinDeutschlandundanderenLändernweltweit.AlleanderenNamenvonProduktenundDienstleistungensindMarkenderjeweiligenFirmen.DieAngabenimTextsindunverbindlichunddienenlediglichzuInformationszwecken.ProduktekönnenländerspezifischeUnterschiedeDieindieserPublikationenthalteneInformationistEigentumderSAP.WeitergabeundVervielfältigungdieserPublikationodervonTeilendaraussind,zuwelchemZweckundinwelcherFormauchimmer,nurmitausdrücklicherschriftlicherGenehmigungdurchSAPAGgestattet.BeidieserPublikationhandeltessichumeinevorläufigeVersion,dienichtIhremgültigenLizenzvertragoderanderenVereinbarungenmitSAPunterliegt.DiesePublikationenthältnurvorgeseheneStrategien,EntwicklungenundFunktionendesSAP®-Produkt