Skip to Content

Have been struggling with this issue for sometime.  Sharing this knowledge with SAP community.

 

Problem:

HANA Cockpit runs on XSA and while accessing with HTTPS , we get error for privacy. You connection is not private:

Environment: HANA 2.0 SPS03 with cockpit SPS 07 Patch and XS  xs v1.0.86

Reason for Error:  Signed Certificate not installed.

 

  1. Create SAN.CNF having domain name. ( You can have multiple domain named signed as shown in below example):
                                    Where CN can be customer name FQDN                                                                                     we can include multiple domain names.                 
  2. Create Certificate using openssl commands:
    openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
    It will create sslcert.csr file with key private.key
  3. Now you have to get it signed by signing authority SAP internal or External depending on your scenario. We have used SAP Internal Signing Authority : https://getcerts.wdf.global.corp.sap/pgwy/request/sapnetca_base64.html
    A) :  Copy content of sslcert.csr file (Please do not copy any extra space)
    B) : Generate X.509 certificate
    Select X.509 for Java Based XSA applications.
  4. C) It will generate signed certificate , save it as “Signed.cert”. It will have 3 Certificates (Server, Intermediate, Root) as shown below. All certificates are required to create Chain.cert (chain of signed certificate) S
  5. Now we will have to change private.key to pk8 format using below command:

    openssl pkcs8 -in private.key -topk8 -nocrypt -out uekey.pk8

  6. Now create chained.cert by combining the signed certificates :
    A) Create new notepad file and paste content of signed.cert, Inter.cert and Root certificate
  7. Now run the below command to include the signed certificate:
    XSA set-certificate domain –cert chain.cer –key uekey.pk8 
  8. Now HANA cockpit/Cockpit Manager and other XSA applications open without giving any error:

 

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply