Skip to Content

As we all know, by default, PI 7.31 EHP1 (Java only) is not SSL enabled. But, most of our scenarios deal with HTTPS. And now, gone are those days where we use to get this enabled by manual activities. In just, few simple steps, we can get our PI instance SSL enabled. Let’s check out how?

We should have the cryptographic library (SAPCRYPTOLIB_32-10010888.SAR) file handy.

Go to NWA, Configuration -> Security -> SSL. By default, it says that the PI instance is not SSL enabled. Click on Edit and click on Choose file under the column Ticket File and select the cryptographic library in the popup and save it. After the successful save, you will find the SSL status as green.

Screenshot-1.jpg

Though the SSL status is green, the SSL port is not yet configured. This means, you can’t access it through HTTPS. Click on Add button under the SSL Access Points. You can specify the SSL port, Protocol, Client Authentication Mode. You can choose any of the available options in each of the column.

Screenshot-2.jpg

Screenshot-3.jpg

Screenshot-4.jpg

Once you save it, you will see everything in green. Leave the other entries (Server Identity, Trusted CAs etc.) as is since, these deal with how the SSL communication should happen between the server and the client (out of scope at the moment).

Screenshot-5.jpg

Now, try accessing your PI home page using the https protocol. You will be prompted for the site’s security certificate as below (this happens in chrome).

Screenshot-6.jpg

Hit proceed anyway and you will end up at the home page of your PI instance. The protocol is HTTPS now.

Screenshot-7.jpg

To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

  1. Sascha Wenninger

    Hi Anil,

    thank you very much for sharing the setup steps so clearly!

    As an aside, if a customer does not already have a “star” SSL certificate from a trusted Certificate Authority which is trusted by browsers (i.e. no red “warning” signs), then I can recommend Start SSL. They provide SSL certificates with a 1-year validity which are trusted by all major browsers for free. I’ve used them in the past and have been very happy.

    Sascha

    (0) 
  2. Rashmi Joshi

    Hi Anil…another good blog..clear steps wid screen shot…can u please share whch scenario will need this https??? e.g. file to mail etc…can u put here sme example of scenarios??

    Regards,

    Rashmi

    (0) 
  3. Former Member

    Hi Anil,

    When I try this I get:

    Changes will take effect once the ICM for the following SAP instances has restarted

    Did you as well. I guess I need to restart but it appears my BASIS team has the permissions for that.

    Jody

    (0) 
  4. Former Member

    Hi Anil,

    the steps are very clear, just add a few clarifications that caused me problems

    in step SSL Access Points , set it to “Port-Specific” and

    in create Server Identity step 3 “sign with key pair” should be clicked on “select key Pair” and choose in “select view name”  service_ssl

    .

    VERY IMPORTANT the restart of ICM is not enough, I had to Restart the  instance

    Questions:

    What to put in parameter “commonName”?

    Thank again

    Miguel Bravo

    (0) 
  5. Yogesh Patel

    End to end PI HTTPS configuration is required to be called is true https…. accessing /dir page of PI with https is not full configuration. There are so many moving parts to configure PI as HTTPS.

    -Yogesh

    (0) 

Leave a Reply