Skip to Content
Technical Articles

Generate certificate and add to SAP HANA Certificate Store

Introduction

This blog helps to Generate Certificates and add it to HANA Certificate Store and Configure Certificate Collection while configuration of Principal Propagation to SAP HANA XS on SCP.

Please follow the below detailed blog by Martin Raepple for the Principal Propagation to SAP HANA XS.

Principal Propagation between HTML5- or Java-based applications and SAP HANA XS on SAP HANA Cloud Platform

 

Am highlighting a section where we are unable to find the certificates after configuring the Trust in SAML Identity Provider.

To verify the list of certificates installed use the following SQL Command.

SELECT * FROM SYS.CERTIFICATES 

If the result is empty. Follow the below steps to generate the Certificates.

  • Login to HANA Admin Cockpit with SYSTEM user .
  • Make sure the SYSTEM user contains all Admin System privileges ( like TENANT ADMIN, CERTIFICATE ADMIN etc ).
  • After login navigate to SAP HANA Certificate Management section. It should look similar to below.  if the “Configure Certificate Collections” count is 0 then it means there is no certificate in it.

 

 

Generate Certificates

The generated certificate which  will be later imported it to Certificate Store. To do so follow the below steps.

 

Step :1 – Edit the metadata.xml (.xml file generated from the Step 1: Configuring the Local Service Provider for HTML5 apps from the above blog) in notepad++ and the file should look like the below.

Step :2 – Copy the values highlighted in Yellow .i.e the values between <X509Certificate>  </X509Certificate> html tags.

 

Step :3 – Create a Certificate(.der) file . Open a notepad and paste it, then add “—–BEGIN CERTIFICATE—–” in the beginning of it and “—–END CERTIFICATE—–” to the end of it . The file should look similar to below.

Step :4 – Now save the file in .der format. ex:- scpcertficatetrial.der

 

Step :5 – Import the certificate in “Certificate Store”. See the below image.

Step :6 – Create a “Certificate Collection” ex:- SCP Certificate.

Step :7 – Add the Certificate to the Collection.

Step :8 – Change the Purpose to SAML and save it.

 

Step :9 – Lets check in the HANA Cockpit. You can see the number of certificates in the cockpit if all the configs are done as described above.

 

Also verify that the certificate of your SCP account metadata has been successfully stored using the following SQL command:

SELECT * FROM SYS.CERTIFICATES

The certificate will be fetched. It should look similar to below:-

 

This step concludes the scenario of Certificate Creation and Addition to the Store.

 

I hope this blog will help you.

Cheers!!

 

Be the first to leave a comment
You must be Logged on to comment or reply to a post.