Skip to Content
Technical Articles
Author's profile photo Witalij Rudnicki

Fixes to common issues on macOS when working with SAP HANA, express edition

With the introduction of Catalina version a year ago I started experiencing some new issues on my MacBook laptop when working with my existing instances of SAP HANA, express edition. These issues were consequences of the OS changes in the security area to protect casual users.

I see other users running into similar issues, so I would like to share with fixes I am using. If you have other tips, then please let me know in the comments!

NET::ERR_CERT_INVALID in Chromium-based web browsers

In Chromium-based web browsers (like Vivaldi, Brave, Chrome…) NET::ERR_CERT_INVALID is displayed, when opening any SAP HANA web application, like https://hxehost:39030.

The SAP HANA, express edition, is using self-signed certificate, but up to macOS 10.14 the page would be NET::ERR_CERT_AUTHORITY_INVALID. On Windows these web browsers still show NET::ERR_CERT_AUTHORITY_INVALID and you can see the link that allows you to accept the risk and to proceed to the page.

The reason for this behavior on macOS are the new security requirements for TLS server certificates in macOS 10.15: https://support.apple.com/en-us/HT210176

The solution might be to move to another browser, like Firefox, where you still can get a link to accept the risk and to move on.

But if you do not want to switch a browser and feel geeky (plus know what you are doing!), then there is a BYPASS_SEQUENCE built-in into the Chromium. This allows certificate errors “to be skippped by typing a secret phrase into the page.”: https://chromium.googlesource.com/chromium/src/+/refs/heads/master/components/security_interstitials/core/browser/resources/interstitial_large.js#15

The current sequence is dGhpc2lzdW5zYWZl, which is Base64 decoded. After encoding it says thisisunsafe. And this is what you need to type on the keyboard to get pass the certificate error message in the browser.

Please note that:

  • this bypass sequence is changing between different versions of Chromium, and
  • with great power comes great responsibility!

“file” cannot be opened because the developer cannot be verified

If you download an executable file from the Internet using a web browser, then you may run into that message trying to run it: “… cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware.

It happens e.g. when downloading SAP HANA Client install from https://tools.hana.ondemand.com/#hanatools.

This happens because the macOS adds an extended attribute com.apple.quarantine to files.

You can spot files with extended attributes by @ character that follows permission flags when using ls -l. You can see these extended attributes using ls -l@.

If you trust the files you downloaded, then the quarantine tag can be removed using xattr -d command, like

xattr -d com.apple.quarantine hanaclient-latest-macosx-x64.tar.gz

These extra attributes are not assigned when downloading files using e.g. curl, like:

curl "https://tools.hana.ondemand.com/additional/hanaclient-latest-macosx-x64.tar.gz" \
 --output "hanaclient-latest-macosx-x64.tar.gz" \
 --header "Cookie: eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt"

Please note that:

“Abort trap: 6”, or “Invalid dylib load”

Since Catalina was released, different Python programs have been crashing with “Abort trap: 6” if there programs use encrypted communication.

Detailed stack would mention: Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.

I did not find the single comprehensive explanation. I relied on this one: https://bugs.python.org/issue38814#msg356779.

There were many different solutions proposed involving manual re-links. The one I found working for me was:

brew install openssl
export DYLD_FALLBACK_LIBRARY_PATH=/usr/local/opt/openssl/lib

Obviously you can skip openSSL installation, if it is already available in your OS.

I hope you find these fixes helpful…

…if ran into any of these issues.

And if you have any further details or different solutions, then please share them in the comments.


Stay healthy ❤️
-Vitaliy (aka @Sygyzmundovych)

Assigned tags

      5 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Soi Keo The Thao BK8
      Soi Keo The Thao BK8

      tks for share

      Author's profile photo George Jambon
      George Jambon

      Thank you very much Witalij !

      Your articles are always very relevant.

      I have a question regarding curl on Mac OS. I would like to download the file with curl : https://softwaredownloads.sap.com/file/0020000001866242020 (HANA Client 2.6 PL 61 with SAP Cryptolib for Mac OS included).

      Do you know which command should I use to download it with SAML issue?

      Author's profile photo Denys van Kempen
      Denys van Kempen

      Thanks for the compilation, Witalij.

      Very convenient.

      Adding a previous post on the topic for interested readers that also covers some gotchas and time waisters.

      • https://blogs.sap.com/2020/03/18/sap-hana-sapcar-and-macos/
      Author's profile photo Basis Services Bundle ERP
      Basis Services Bundle ERP

      Thank you vey much.

      Do you know if SAP plans to make Universal applications for HANA Client to support the new Macs that run on Apple Silicon (ARM processor)?

      Author's profile photo Daniel Van Leeuwen
      Daniel Van Leeuwen

      We have this requirement in our backlog.  At this point we do not have a release date for this feature.

      Regards,
      Dan van Leeuwen