Secure your HANA Cloud Connector with OpenSSL certificates – Part 2
In part 1 of this blog series, I showed how to secure your SCC with a trusted UI Certificate:
Therefore, in this blog, I will show how to further secure your SCC with a trusted System Certificate, put your CA certificate in the Trust Store, install a SCC CA Certificate and with that enable Principal Propagation.
Installing a SCC System Certificate is very similar to installing a UI Certificate. The steps are:
- Generate and export a Certificate Signing request (CSR)
- Import and sign the CSR in your CA tool
- Export the resulting certificate and subsequently import it into the SCC
To import your CA certificate into your SCC, you have to export it in DER format:
Then you can import it into your SCC Trust Store:
Generating the CSR for your SCC CA Certificate is similar to the SCC System Certificate, but there is one important difference and that is 2 additional X.509 Extensions, i.e. Certificate Sign and CRL Sign. These are generated automatically by the SCC, but make sure they are present prior to singing the request:
Subsequently, your SCC CA Certificate can be imported:
And with that, Principal Propagation can be activated:
As a result, we got 2 more green boxes in the SCC General Security Status:
In my next and final blog of this series I will show how to Configure local LDAP authentication of your Cloud Connector administrators.