Have been struggling with this issue for sometime. Sharing this knowledge with SAP community.
HANA Cockpit runs on XSA and while accessing with HTTPS , we get error for privacy. You connection is not private:
Environment: HANA 2.0 SPS03 with cockpit SPS 07 Patch and XS xs v1.0.86
Reason for Error: Signed Certificate not installed.
- Create SAN.CNF having domain name. ( You can have multiple domain named signed as shown in below example):
Where CN can be customer name FQDN we can include multiple domain names.
- Create Certificate using openssl commands:
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
It will create sslcert.csr file with key private.key
- Now you have to get it signed by signing authority SAP internal or External depending on your scenario. We have used SAP Internal Signing Authority : https://getcerts.wdf.global.corp.sap/pgwy/request/sapnetca_base64.html
A) : Copy content of sslcert.csr file (Please do not copy any extra space)
B) : Generate X.509 certificate
- C) It will generate signed certificate , save it as “Signed.cert”. It will have 3 Certificates (Server, Intermediate, Root) as shown below. All certificates are required to create Chain.cert (chain of signed certificate) S
- Now we will have to change private.key to pk8 format using below command:
openssl pkcs8 -in private.key -topk8 -nocrypt -out uekey.pk8
- Now create chained.cert by combining the signed certificates :
A) Create new notepad file and paste content of signed.cert, Inter.cert and Root certificate
- Now run the below command to include the signed certificate:
XSA set-certificate domain –cert chain.cer –key uekey.pk8
- Now HANA cockpit/Cockpit Manager and other XSA applications open without giving any error: