Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
Aisurya
Participant

Introduction


This blog helps to Generate Certificates and add it to HANA Certificate Store and Configure Certificate Collection while configuration of Principal Propagation to SAP HANA XS on SCP.

Please follow the below detailed blog by martin.raepple for the Principal Propagation to SAP HANA XS.

Principal Propagation between HTML5- or Java-based applications and SAP HANA XS on SAP HANA Cloud Pl...


 

Am highlighting a section where we are unable to find the certificates after configuring the Trust in SAML Identity Provider.

To verify the list of certificates installed use the following SQL Command.

SELECT * FROM SYS.CERTIFICATES 

If the result is empty. Follow the below steps to generate the Certificates.

  • Login to HANA Admin Cockpit with SYSTEM user .



  • Make sure the SYSTEM user contains all Admin System privileges ( like TENANT ADMIN, CERTIFICATE ADMIN etc ).



  • After login navigate to SAP HANA Certificate Management section. It should look similar to below.  if the "Configure Certificate Collections" count is 0 then it means there is no certificate in it.


 



 

Generate Certificates


The generated certificate which  will be later imported it to Certificate Store. To do so follow the below steps.

 

Step :1 - Edit the metadata.xml (.xml file generated from the Step 1: Configuring the Local Service Provider for HTML5 apps from the above blog) in notepad++ and the file should look like the below.



Step :2 - Copy the values highlighted in Yellow .i.e the values between <X509Certificate>  </X509Certificate> html tags.

 

Step :3 - Create a Certificate(.der) file . Open a notepad and paste it, then add "-----BEGIN CERTIFICATE-----" in the beginning of it and "-----END CERTIFICATE-----" to the end of it . The file should look similar to below.



Step :4 - Now save the file in .der format. ex:- scpcertficatetrial.der

 

Step :5 - Import the certificate in "Certificate Store". See the below image.



Step :6 - Create a "Certificate Collection" ex:- SCP Certificate.



Step :7 - Add the Certificate to the Collection.



Step :8 - Change the Purpose to SAML and save it.



 

Step :9 - Lets check in the HANA Cockpit. You can see the number of certificates in the cockpit if all the configs are done as described above.



 

Also verify that the certificate of your SCP account metadata has been successfully stored using the following SQL command:
SELECT * FROM SYS.CERTIFICATES

The certificate will be fetched. It should look similar to below:-



 

This step concludes the scenario of Certificate Creation and Addition to the Store.

 

I hope this blog will help you.

Cheers!!

 
Labels in this area