ciphermethod.com

Certificate is good for 1 year. 

1. switch to the same account that the SAProuter server runs as
examples: su, sudo -s, etc.
2. stop the router service
3. backup the router folder
example: cp -rp saprouter saprouter.bak
4. change to the router home directory
5. rename certreq, srcert, local.pse, and cred_v2 to file.yyyymmdd
6. generate the certificate request (new certreq) using the following command:
sapgenpse get_pse –v –r certreq –p local.pse “CN=saprouter1, OU=0000350309, OU=SAProuter, O=SAP, C=DE”
do not enter a PIN (just press enter)
7. copy the contents of certreq to the clipboard
8. browse to http://www.service.sap.com/saprouter-sncadd
9. paste the contents of the clipboard into the form
10. step through form to generate new certificate information
11. copy and paste new certificate data into a file called srcert
11. import the certificate using the following command
./sapgenpse import_own_cert –c srcert –p local.pse
do not enter a PIN (press enter)
12. setup the login using the following command
sapgenpse seclogin –p local.pse
this will create a final file called cred_V2
13. check if the certificate has been loaded correctly by using the following command:
sapgenpse get_my_name –v –n Issuer
14. start the router service
15. delete backup router directory made in step 3 if it is no longer needed

CN and OU information will be different and based on the configuration for your company.