Skip to Content
Author's profile photo Anil Veepuri

Believe it or not, SSL Enabling for your PI 7.31 EHP1(Java only) is a cake walk now.

As we all know, by default, PI 7.31 EHP1 (Java only) is not SSL enabled. But, most of our scenarios deal with HTTPS. And now, gone are those days where we use to get this enabled by manual activities. In just, few simple steps, we can get our PI instance SSL enabled. Let’s check out how?

We should have the cryptographic library (SAPCRYPTOLIB_32-10010888.SAR) file handy.

Go to NWA, Configuration -> Security -> SSL. By default, it says that the PI instance is not SSL enabled. Click on Edit and click on Choose file under the column Ticket File and select the cryptographic library in the popup and save it. After the successful save, you will find the SSL status as green.

Screenshot-1.jpg

Though the SSL status is green, the SSL port is not yet configured. This means, you can’t access it through HTTPS. Click on Add button under the SSL Access Points. You can specify the SSL port, Protocol, Client Authentication Mode. You can choose any of the available options in each of the column.

Screenshot-2.jpg

Screenshot-3.jpg

Screenshot-4.jpg

Once you save it, you will see everything in green. Leave the other entries (Server Identity, Trusted CAs etc.) as is since, these deal with how the SSL communication should happen between the server and the client (out of scope at the moment).

Screenshot-5.jpg

Now, try accessing your PI home page using the https protocol. You will be prompted for the site’s security certificate as below (this happens in chrome).

Screenshot-6.jpg

Hit proceed anyway and you will end up at the home page of your PI instance. The protocol is HTTPS now.

Screenshot-7.jpg

Assigned Tags

      8 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Good one Anil. Thanks for sharing....

      Regards

      Rakesh

      Author's profile photo Sascha Wenninger
      Sascha Wenninger

      Hi Anil,

      thank you very much for sharing the setup steps so clearly!

      As an aside, if a customer does not already have a "star" SSL certificate from a trusted Certificate Authority which is trusted by browsers (i.e. no red "warning" signs), then I can recommend Start SSL. They provide SSL certificates with a 1-year validity which are trusted by all major browsers for free. I've used them in the past and have been very happy.

      Sascha

      Author's profile photo Rashmi Joshi
      Rashmi Joshi

      Hi Anil...another good blog..clear steps wid screen shot...can u please share whch scenario will need this https??? e.g. file to mail etc...can u put here sme example of scenarios??

      Regards,

      Rashmi

      Author's profile photo Former Member
      Former Member

      Hi Anil,

      When I try this I get:

      Changes will take effect once the ICM for the following SAP instances has restarted

      Did you as well. I guess I need to restart but it appears my BASIS team has the permissions for that.

      Jody

      Author's profile photo Former Member
      Former Member

      Hi Anil,

      the steps are very clear, just add a few clarifications that caused me problems

      in step SSL Access Points , set it to "Port-Specific" and

      in create Server Identity step 3 "sign with key pair" should be clicked on "select key Pair" and choose in "select view name"  service_ssl

      .

      VERY IMPORTANT the restart of ICM is not enough, I had to Restart the  instance

      Questions:

      What to put in parameter "commonName"?

      Thank again

      Miguel Bravo

      Author's profile photo Former Member
      Former Member

      good one Anil..

      Author's profile photo Former Member
      Former Member

      Thanks Anil so much. It is clearly documentation.

      Author's profile photo Yogesh Patel
      Yogesh Patel

      End to end PI HTTPS configuration is required to be called is true https.... accessing /dir page of PI with https is not full configuration. There are so many moving parts to configure PI as HTTPS.

      -Yogesh