Skip to Content

SSL Configuration of the SAP Host Agent

As user root:

# cd /usr/sap/hostctrl/

# cd exe

# mkdir sec

# cd sec

Set envrionment

# export SECUDIR=/usr/sap/hostctrl/exe/sec

Create server PSE

# /usr/sap/hostctrl/exe/sapgenpse get_pse -p SAPSSLS.pse -noreq -x <PASSWORD> “CN=<HOSTNAME>”

# ll /usr/sap/hostctrl/exe/sec/SAPSSLS.pse

Grant Host Agent access to the server PSE

# /usr/sap/hostctrl/exe/sapgenpse seclogin -p SAPSSLS.pse -x <PASSWORD> -O sapadm

Verify the chain

# /usr/sap/hostctrl/exe/sapgenpse get_my_name -p SAPSSLS.pse -x <PASSWORD> –v

Allow file access

# chmod 644 /usr/sap/hostctrl/exe/sec/SAPSSLS.pse

Restart Host Agent

# /usr/sap/hostctrl/exe/saphostexec –restart pf=/usr/sap/hostctrl/exe/host_profile

SAP Host Agent should now be listening on port 1129

# cd /usr/sap/hostctrl/work

# grep 1129 /usr/sap/hostctrl/work/sapstartsrv.log

Webservice SSL thread started, listening on port 1129

Trusted https connect via Unix domain socket ‘/tmp/.sapstream1129’ enabled.

You must be Logged on to comment or reply to a post.
  • For Windows-Users:

    1. Open DOS-Prompt
    2. cd c:\Program Files\SAP\hostctrl\exe
    3. mkdir sec
    4. cd sec
    5. set SECUDIR=%CD%
    6. ..\sapgenpse.exe get_pse -p SAPSSLS.pse -x >PASSWORT> "CN=<HOSTNAME>"
    7. ..\sapgenpse.exe seclogin -p SAPSSLS.pse -x >PASSWORT> -O <User wich runs the service>
    8. Stop/Start service: "sc stop "SAPHostControl""
    9. "sc start "SAPHostControl""
    10. "sapstartsrv.log" should have a line that reads "Webservice SSL thread started, listening on port 1129"

    You can also try to point your web browser to that port. It should come back with sap-MC.

    Best regards,