HANA 2.0 Cockpit Certificate issues and resolution
Have been struggling with this issue for sometime. Sharing this knowledge with SAP community.
HANA Cockpit runs on XSA and while accessing with HTTPS , we get error for privacy. You connection is not private:
Environment: HANA 2.0 SPS03 with cockpit SPS 07 Patch and XS xs v1.0.86
Reason for Error: Signed Certificate not installed.
- Create SAN.CNF having domain name. ( You can have multiple domain named signed as shown in below example):
Where CN can be customer name FQDN we can include multiple domain names.
- Create Certificate using openssl commands:
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
It will create sslcert.csr file with key private.key
- Now you have to get it signed by signing authority SAP internal or External depending on your scenario. We have used SAP Internal Signing Authority, which i cannot paste in Public domain.
A) : Copy content of sslcert.csr file (Please do not copy any extra space)
B) : Generate X.509 certificate
- C) It will generate signed certificate , save it as “Signed.cert”. It will have 3 Certificates (Server, Intermediate, Root) as shown below. All certificates are required to create Chain.cert (chain of signed certificate) S
- Now we will have to change private.key to pk8 format using below command:
openssl pkcs8 -in private.key -topk8 -nocrypt -out uekey.pk8
- Now create chained.cert by combining the signed certificates :
A) Create new notepad file and paste content of signed.cert, Inter.cert and Root certificate
- Now run the below command to include the signed certificate:
XSA set-certificate domain –cert chain.cer –key uekey.pk8
- Now HANA cockpit/Cockpit Manager and other XSA applications open without giving any error: