As we all know, by default, PI 7.31 EHP1 (Java only) is not SSL enabled. But, most of our scenarios deal with HTTPS. And now, gone are those days where we use to get this enabled by manual activities. In just, few simple steps, we can get our PI instance SSL enabled. Let’s check out how?
We should have the cryptographic library (SAPCRYPTOLIB_32-10010888.SAR) file handy.
Go to NWA, Configuration -> Security -> SSL. By default, it says that the PI instance is not SSL enabled. Click on Edit and click on Choose file under the column Ticket File and select the cryptographic library in the popup and save it. After the successful save, you will find the SSL status as green.
Though the SSL status is green, the SSL port is not yet configured. This means, you can’t access it through HTTPS. Click on Add button under the SSL Access Points. You can specify the SSL port, Protocol, Client Authentication Mode. You can choose any of the available options in each of the column.
Once you save it, you will see everything in green. Leave the other entries (Server Identity, Trusted CAs etc.) as is since, these deal with how the SSL communication should happen between the server and the client (out of scope at the moment).
Now, try accessing your PI home page using the https protocol. You will be prompted for the site’s security certificate as below (this happens in chrome).
Hit proceed anyway and you will end up at the home page of your PI instance. The protocol is HTTPS now.