If your HANA Server communicates via https to serve the HANA Cockpit or HALM or any other XS website, with new browsers you may experience that your certificate is no longer trusted and your connection is reported as “Not Secure”.
- SAP HANA 1.0
- SAP HANA 2.0
The latest browsers like Microsoft Edge, Chrome 58 etc. try to make the web experience as smooth as possible. This causes a problem for certificate debugging. Back in the good old days with Internet Explorer you simply could click on the “Not secure” area and straight got a hint what might be the problem with the connection.
As said, this is now not longer that easy, but at least in Chrome there is a way to get more information.
In Chrome go to the menu -> more tools -> developer tools
Switch to the security tab and here you see more information why the connection is not secured. In this example the issuer certificate of the signing CA is missing.
” Certificate Error: There are issues with the site’s certificate chain. (net::ERR_CERT_AUTHORITY_INVALID). ”
We now can get a glimpse where the problem is located.
Above in my screenshots you can see the root certificate is missing. So simply add the root certificate of the signing authority to your computer and you are good to go for the issue shown above.
But this is not the issue we see when suddenly a new browser reports the website as “Not Secure”.
The problem is located in the “Subject Alternative Name” or in short “SAN”. New browsers will not trust a certificate if there is no SAN included, even if the certificate chain is in place and everything else is as it should be.
So remember: Include a “SAN” in your https certificate!
All of this is also explained in much more details in the HANA Basic How-To Series – HANA and SSL.
You will find the Master KBA with further links here.
The direct link to the KBA about the topic we talked about above can be found here or via the Master KBA.