Configuring Browsers for SSL Communication with an on-premise instance of SAP HANA XS Advanced
The Web IDE for SAP HANA is a web application running on XSA. All applications in XSA are accessed via HTTPS. Now the Web IDE itself loads components needed for its “plug-ins” and the “features” on behalf of other components already running in it (think for example about building a java module, which would then need application or server dependencies listed in the maven specific pom.xml). If you haven’t installed or configured SSL (meaning HTTPS) correctly, you would end up with a warning in the browser that the communication is not secure (see the screen shot below).
In releases prior to SPS02 those were cosmetic flaws in the browser invoking the Web IDE. In SPS02 I found that the lack of the SSL certificates can lead to severe errors:
The problem is that the browser does not trust the XSA (server) components. Now you have two ways out of this maze. The officially recommended way is to properly configure SSL in your HANA system(s). This is something a system admin would do in HANA systems residing in “his” data center, where XSA based solution development takes place. He would then consult the admin and security guide form the official HANA/XSA documentation and at some point most likely come across the SAP Note 2243019, which describes the process very well. He will basically generate officially signed certificates by a certain certification authority (CA) and install them on the server side (XSA).
The second way is really a work-around, which you can use to test and prototype the Web IDE for SAP HANA for your solution, prior to set up the recommended SSL infrastructure in XSA.
How does it work? Well, after or during installation, XSA generates “self-signed” certificates, which can be used in the browser for trusted communication with the server components. You would have to import those certificated in your browser.
In the following I will describe an easy way to do this for the Chrome browser. Please observe that I will not explicitly access the underlying Linux file system on the server side, where the certificates are stored. All I need are the developer tools of the Chrome browser to do so. Basically I am downloading the self-signed certificate from the server and importing it to my local Chrome browser, where I run the Web IDE for SAP HANA. I am sure, many of you are familiar with this process.
- Open the Web IDE in Chrome (proceed to the website if you get a warning screen). You will see a red icon next to the URL with the “https” crossed out, if the certificate is not in place (as in the screen shot above).
- Invoke the Developer Tools (F12)
- Go to the “Security” tab
- Click on “View Certificate”
- Go to the “Details” tab
- Click on “Copy to file”
- Keep the default options and save the file on your local machine
- Open Chrome Settings
- Scroll down and click on “Show advanced settings”
- Under HTTPS/SSL click on “Manage certificates”
- Go to “Trusted Root Certification Authorities” tab
- Click on Import
- Select the file you saved
- Keep the default options until you click on “Finish”
- In the warning popup click on “Yes”
- Restart Chrome
That’s it. This is the result and you will get rid of all those annoying and nasty errors about the Web IDE not being able to load plug-ins, features, components etc.
I hope you will find this post useful.
YES! An article about on-premise. As I learn more about the fun tools HANA has offered. I've been using SAPUI5 / Eclipse. In my infinite - non-wisdom... What are the differences?
Thank you,
Michelle
Hi Michelle,
this blog I published is about the Web IDE for SAP HANA. This means the following: You have an on-premise instance of SAP HANA (think of it as not just of a database, but a platform also including a database). The SAP HANA also has a so-called XSA (or XS Advanced and the official name would be "Extended Application Services Advanced Model"). The XSA is an "application server" following the micro-services architecture. But it is the environment to deploy your applications to. The applications are Java-based, Node.js-based etc. Now the tool set is pretty much in flow in recent years. For development we used the SAP HANA Studio (which is Eclipse based) and we installed it on our client machines (mostly Win, but also iOS) and connected to the HANA on-premise instance. We would then use this Studio also for admin tasks. At some point there was something called Developer Workbench, which was a browser based IDE running on the SAP HANA instance you/we had. The functionalities were the same! At least SAP tried to achieve that parity in both tools. The "problem" was that this Developer Workbench was 1) running on proprietary technology and 2) was HANA specific. SAP at some point decided to move to the Web IDE (in the cloud) and Web IDE for SAP HANA (in the on-premise case). In a casual lingo (I don't want to be to specific on this topic here, just to avoid lengthy explanations) there are differences between 1) Web IDE (in the cloud) and 2) Web IDE for SAP HANA (on-premise) - but I expect them to converge over time. But they both run on Orion, which is not proprietary but comes from Eclipse (the Foundation). One can still use the HANA Studio, but this is now deprecated for development, since eventually the feature parity between the HANA Studio and the Web IDE for SAP HANA will not be there - as a matter of fact, that parity is lost great deal even today. I don't develop in HANA Studio anymore but use the Web IDE. (for SAP HANA). I have to admit that i still use the Studio for admin tasks, since I am just used to it.
Developing SAPUI5 in the Web IDE (or even in the now also deprecated Developer Workbench) was always a better choice then in the HANA Studio - on XS Classic and as far as I can tell. I very seldom developed SAPUI5 in the Studio. Now, developing SAPUI5 on XS Advanced with the Web IDE is much more convenient - again, as far as I'm asked.
I hope, I didn't confuse you even more. But hey, go ahead and take a look at the SAP HANA Academy on YouTube and you will find tons of materials on the subject. Or just ask a question here 😉
Thank you for the great explanation!!!!
Eclipse running HANA extensions = WEB IDE (basically)
Web IDE was better in this case because it allowed for more databases than JUST HANA to be accessed.
SAPGUI5 can be developed in either of the software.
My head will soon explode - but I'm learning,
Michelle
Well, it is like this (casually speaking)
SAPUI5 is pure technology. It is actually the SAP's implementation of the HTML5 standard/specification enriched with SAP specific functionalities (JS functions, CSS etc). It is available as set of libraries and available in all newer SAP Technology stacks (HANA, SCP etc.). There is also an Open Source Version of it (SAPUI5 minus "SAP/ABAP" components [please note that I put SAP/ABAP in Quotation marks here; don't take it too literally]). It is called OpenUI5 and managed under the Apache 2.0 license.
Hopefully I could clarify things without causing too much "fresh" confusion!
Clear as mud. 🙂 I'm reading and reading some more. But now I know to go look for the HANA Studio download!
Thank you for taking the time to really help me,
Michelle
Had this exact problem today. Your solution was spot on. Fixed.
New install of SAP S/4HANA express edition 1809 SPS2