SAP HANA XS with HTTPS.
Due to popular demand, this blog post shows the steps required to install a custom, CA-signed SSL certificate in the SAPSSLS.pse PSE store.
(And you may need it with any XS classic HTTPS application with InA protocol.)
|Good to know:
Putting it all together
Typically when installing SAP HANA 2.x or deploying a pre-installed version of SAP HANA database, the SSL certificates in different PSE stores are self-signed.
And eventually, thanks to the built-in SAP HANA XS webdispatcher, both HTTP (port 80xx) and HTTPS (port 43xx) communications are possible.
SAP HANA workbench editor.
|This is to make sure the INA package is present and is activated.
Configure SAPSSLS.pse PSE store certificate.
SAP HANA webdispatcher.
|Goto SAP HANA XS webdispatcher admin cockpit:
Initially the SAPSSLS.pse PSE store will show the default and most likely self-signed SSL certificate as depicted below
In order to allow for signed SSL HTTP connections with SAP HANA, we will need to replace that certificate with a new one signed by a CA of your choice.
Certificate Signing Request (redacted)
You will need to have access to a CA (Certificate Authority) and sign the CSR.
The screenshot below is only for illustration purposes.
Please note that we shall need to import the certificate chain.
Sign the CSR with your global CA (Certificate Authority) for instance: https://getcerts.<xxxxxxxxx>/request/sapnetca_base64.html
The redacted certificate chain is shown below:
Step 4. Import CA Response
|Click on Import CA Response button above and copy and paste the content of the PKCS7 certificate and click on the Import button to validate the import.|
As a result the new and signed certificate has been imported into our PSE store.
From now on we can access HANA via HTTPS over port 43xx as depicted below:
Do you know the process of adding SSL certificate from another server into the trust store and then connecting it to the httpdest of the external server ? We've had issues with this configuration. We followed the steps on SAP help documentation but we're still getting errors
Hello Daniela, Thanks for reading my blog;
Back to your question. May you please narrow down your question and explain what you are trying to achieve? What is the nature of your SSL certificate? What is it for ?
This blog is really dedicated to a very specific use case of uploading a CA-signed certificate to the XS engine of a SAP HANA 2.x system
Assuming that you also use a SAP HANA 2.x OP system, are you using the xsjs cockpit or the new XSA-based cockpit to manage your SAP HANA instance?
In a nutshell, you could also import (upload) your SSL certificate from the above PSE Management Webdispatcher based interface if you know which PSE store it should go to. Or from the XSJS cockpit or from the XSA-cockpit.
kind regards; Piotr