How To use HTTPS connections with SMP Cloud
Hi there.
You may not know but I contributed to the openSAP course “Introduction to SAP HANA Cloud Platform”. In this course I explained how to configure SMP Cloud to access a backend and to consume it using an HTML5 App.
During this course the backend was supposed to be just an HTTP backend, but also an HTTPS backend was used by some participants.
Of course does SMP Cloud supports HTTPS connections to backends, but this does not come out of the box. In order to allow HTTPS backend connections please follow the steps listed below:
First get the HANA Cloud Platform SDK. You can download it here: SAP Development Tools for Eclipse
NOTE: When prompted for password in the console client, provide the SDN password of the user.
NOTE: sXXXXXXXX must be substituted by your SCN User
Follow the steps described below:
Step 1: Get the list of destinations for the account by entering the following command in your command promt (Windows) or shell (Linux/Unix/Mac). Make sure you have an internet connection.
neo get-destination –account sXXXXXXXXtrial –user sXXXXXXXX –provider-account sapmobile –provider-application mobile –host hanatrial.ondemand.com
After choosing your particular destination and security profile, enter the following command
neo get-destination –account sXXXXXXXXtrial –user sXXXXXXXX –provider-account sapmobile –provider-application mobile –host hanatrial.ondemand.com –name <destination_name> –localpath <Path to download the destination>
<destination_name> from the first command output.
<Path to download the destination> e.g. C:\ or .
Step 2: Go to the path and edit the file, by adding the following line :
TrustAll=TRUE
Step 3: Now upload the same file using the following command
neo put-destination –account sXXXXXXXXtrial –user sXXXXXXXX –provider-account sapmobile –provider-application mobile –host hanatrial.ondemand.com –localpath <Path for the downloaded file>
Of course you have to adjust the account name and host it you are not on a trial account. Obviously it means that the -host is then hana.ondemand.com, instead of hanatrial.ondemand.com.
Have Fun,
Martin Grasshoff
EDIT: Claudia Pacheco wrote an updated guide for HCPms. Thanks!! https://scn.sap.com/docs/DOC-63416
Hi Martin,
The first 'neo' command in the Step 1 returns me the following message:
Host [configapi.hanatrial.ondemand.com] cannot be accessed. HTTPS proxy settings
not found. HTTP proxy settings not found. Configure your proxy settings as desc
ribed in the documentation
Please explain me how to configure the proxy settings or give me the link to the needed documentation.
Thanks and regards,
Sasha
Hi Alexander.
To make the neo command line tool proxy aware follow the steps described here:
https://help.hana.ondemand.com/help/frameset.htm?7613dee4711e1014839a8273b0e91070.html
Have Fun,
Martin
HI Martin,
I am trying to follow your instructions and in step 1 after entering the command:
neo get-destination --account sXXXXXXXXtrial --user sXXXXXXXX --provider-account sapmobile --provider-application mobile --host hanatrial.ondemand.com --name <destination_name> --localpath <Path to download the destination>
I get "Multiple properties files found [Mobility\Sap, HANA]. Provide only one propertie
s file".
Any idea why?
Kind regards,
Artiom Sargesjan
Have you provided a valid value for <destination_name> and <Path to download the destination>.
After retrieving the list, did you pick a destination and put it into the --name parameter?
-Martin
Hi Martin,
Thank you for the fast reply.
This is how my command looks like. I think I've provided the correct values for <destination_name> and <Path>.
neo get-destination --account p1420108685trial --user p1420108685 --provider-account sapmobile --provider-application mobile --host hanatrial.ondemand.com --name be_mysap_myapp_p1420108685trial --localpath C:\SAP Mobility
Kind regards,
Artiom
Hi Martin,
I was able to resolve my issue by placing the --localpah in quotes.
So my command looks like this.
neo get-destination --account p1420108685trial --user p1420108685 --provider-account sapmobile --provider-application mobile --host hanatrial.ondemand.com --name be_mysap_myapp_p1420108685trial --localpath "C:\SAP Mobility"
Also I want to point out that Step2 must be performed both on the destination and security profile files.
Kind regards,
Artiom
What is the command to get and put the security profile file? Thanks!
Hi, This is what I did.
1) Display the destinations for your account
2) Download the destination and the security profile files to local machine
3) Edit both files adding "TrustAll=TRUE" and upload to SAP hana
Thanks!!
Artiom Sargesjan
I tried to run the command neo get-destination --account sXXXXXXXXtrial --user sXXXXXXXX --provider-account sapmobile --provider-application mobile --host hanatrial.ondemand.com as mentioned in the step 1 but got below error:
Any idea?
Hi,
Could you post the log output?
Regards,
Artiom
Artiom Sargesjan
Please check
2014-05-14 16:17:23,128 INFO [main] com.sap.jpaas.infrastructure.console.CommandManager: Starting execution of command [get-destination]
2014-05-14 16:17:23,132 INFO [main] com.sap.jpaas.infrastructure.console.CommandManager: Command [get-destination] init() finished for [1] ms
2014-05-14 16:18:01,531 INFO [main] com.sap.jpaas.infrastructure.console.CommandManager: Command [get-destination] cleanup() finished for [0] ms
2014-05-14 16:18:01,537 FATAL [main] com.sap.jpaas.infrastructure.console.ConsoleClient: ❗ ERROR; Connection to https://configapi.hanatrial.ondemand.com refused
com.sap.jpaas.infrastructure.console.exception.CommandException
at com.sap.core.connectivity.config.cmd.GetAction.run(GetAction.java:54)
at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:295)
at com.sap.jpaas.infrastructure.console.CommandManager.run(CommandManager.java:260)
at com.sap.jpaas.infrastructure.console.ConsoleClient.run(ConsoleClient.java:235)
at com.sap.jpaas.infrastructure.console.ConsoleClient.main(ConsoleClient.java:85)
Caused by: org.apache.http.conn.HttpHostConnectException: Connection to https://configapi.hanatrial.ondemand.com refused
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:158)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at com.sap.core.connectivity.config.cmd.GetAction.download(GetAction.java:80)
at com.sap.core.connectivity.config.cmd.GetAction.run(GetAction.java:52)
... 4 more
btw: i downloaded neo-javaee6-wp-sdk-2.32.10.1.zip from SAP Development Tools for Eclipse
Rgrds,
JK
From your previous post I understand that you are behind a proxy. Are your proxy settings correct?
Also, I'm using neo-java-web-sdk-1.52.19.zip.
thanks Martin
In command prompt message
'FINDSTR' is not recognized as an internal or external command,
operable program or batch file.
and I can not do anything more.
Jitendra Kansal Sami LechnerJitendra Kansal Martin Grasshoff
Hi Martin Grasshoff
Is these steps suitable for HCPms also or only SMP cloud?
Claudia Pacheco Jitendra KansalClaudia Pacheco
Regards,
Mohamed.
Hi,
these steps are suitable for HCP destinations in general.
This is a rather old blog post and you can upload your truststore directly using the HCP Cockpit nowadays.
Type in your URL in the Destination configuration window, unselect "Use default JKS truststore" and upload your locally created JKS file.
Regards,
Martin
Hi Martin Grasshoff,
Thanks for concern.
Actually I've posted a question regarding to Android mobile app error using HCPms: . By discussing with Claudia Pacheco, she asked me to enable Https using your blog. I've tried your steps and all are OK however the destinations received from "neo get" command were that ones on SMP cloud(Deprecated one) not HCPms. That's the story.
Now, I understood from your discussion that I could make my trust list and upload it using HCP Cockpit directly.
My question is: How to make the truststore directly using HCP Cockpit? I see only in Trust menu item, local service provider and Trusted identity provider. I didn't see "Destination configuration window", or "Use default JKS truststore". I think I went to incorrect menu item. Kindly, clarify this point.
Another question: How to create JKS file locally as you've mentioned?
Regards,
Mohamed.
Hi.
You can find the Destinations used by HCP here:
Once you edit an existing Destination you can change the URL to https. The JKS options will appear:
Now you can upload your trust- and/or keystore.
In order to create a truststore you can follow these instructions: https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html
Kind Regards,
Martin
Hi Martin,
Is enough to add TrustAll value and set it by "TRUE" as follow to enable Https:
Jitendra Kansal Claudia Pacheco Sukanya kClaudia PachecoJitendra Kansal
Regards,
Mohamed.
Hello,
I try to adapt the instructions you show above for our factory HCP account (SAP HANA Cloud Platform Mobile Service activated), also I want to upload a keystore using the HANA Cloud Platform SDK.
I get errors like "Not a valid SAP HANA Cloud Platform landscape host". I think the credentials I enter are wrong. The patterns you give above ("sxxxxtrial", "sxxxxx", etc.) seems to work for trial accounts, I need clarification how the patterns are for a factory/productive account. However, I do not want to post the credentials here in this comment. Could I send my data/credentials to one of you forum experts via mail?
Hi Roland,
Please Follow the persons you wish to contact. Then send them a Direct Message. Alternatively, expose your email address in your profile so they can send you an email if they respond.
Regards, Mike (Moderator)
SAP Technology RIG