Intro

Welcome again to the wonderful world of secure http communication using the HANA XS engine. In this second part of the series you will learn how to set up a XS trust store for outbound http services via SSL (https). As a prerequisite you already need to be able to access your box at

https://<yourHostName>:43<yourInstanceNumber>/sap/hana/xs/admin/

-> tab: trust relations

without any error messages. Should you face issues with this, please go back to the first blog at Outbound httpS with HANA XS (part 1) – set up your HANA box to use SSL/TLS.

If this is already working for you, we can proceed with setting up a trust store and importing our target service’s certificate using the example destination https://api.github.com

Export the target certificate

To receive this certificate we will go to the destination page using your browser and export the certificate to a file. In the case of api.github.com this means:

1. Open https://api.github.com with your browser
2. Click on the green lock
3. Change to the ‘Connection’ tab
4. Click on ‘Certificate information’
5. Via the ‘Copy to File’ button in the ‘Details’ tab you will be able to export the certificate to a local file (here: ‘apiGutHub.cer’)
6. Leaving the default (‘DER encoded binary X.509 (.CER)’) is perfectly fine

Create a trust store and import the certificate

The full documentation on how to do this is available in the HANA Administration guide (chapter 15.3)

The following is just the shortcut description:

• To be able to edit trust stores your user will need the
  • role: sap.hana.xs.admin.roles::TrustStoreAdministrator
• To create a trust store open the XS admin tool on your HANA box
  • https://<yourHost>:43<yourInstNo>/sap/hana/xs/admin/
  • Go to tab ‘Trust Manager’
• Now create a trust store via the icon on the left   and give it a name(e.g.: ‘github api’ )
• By clicking on that trust store you should now see an anonymous ‘own certificate’ and an empty ‘certificate list’

• To finally import the api github certificate
  • Click the ‘Browse’ button below the ‘certificate list’
  • Provide the path to the exported certificate (here: ‘apiGutHub.cer’)
  • Hit ‘Import certificate’
  • This should result in something like this

• And finally this one

– Please check that the CN=<target> really matches your target as this is common source for errors

Video

You prefer a video?

OK, here we go:

Conclusion

Congratulations! You are now done with setting up the scenario and can go to the fun part of coding at Outbound httpS with HANA XS (part 3) – call the https outbound service in XS server side JavaScript (xsjs)

Enjoy!