Due to popular demand, this blog post shows the steps required to install a custom, CA-signed SSL certificate in the SAPSSLS.pse PSE store.
(And you may need it with any XS classic HTTPS application with InA protocol.)
Good to know:
Putting it all together
Typically when installing SAP HANA 2.x or deploying a pre-installed version of SAP HANA database, the SSL certificates in different PSE stores are self-signed.
And eventually, thanks to the built-in SAP HANA XS webdispatcher, both HTTP (port 80xx) and HTTPS (port 43xx) communications are possible.
SAP HANA workbench editor.
|This is to make sure the INA package is present and is activated.
Configure SAPSSLS.pse PSE store certificate.
SAP HANA webdispatcher.
|Goto SAP HANA XS webdispatcher admin cockpit:
Initially the SAPSSLS.pse PSE store will show the default and most likely self-signed SSL certificate as depicted below
In order to allow for signed SSL HTTP connections with SAP HANA, we will need to replace that certificate with a new one signed by a CA of your choice.
Certificate Signing Request (redacted)
You will need to have access to a CA (Certificate Authority) and sign the CSR.
The screenshot below is only for illustration purposes.
Please note that we shall need to import the certificate chain.
The redacted certificate chain is shown below:
Step 4. Import CA Response
|Click on Import CA Response button above and copy and paste the content of the PKCS7 certificate and click on the Import button to validate the import.|
As a result the new and signed certificate has been imported into our PSE store.
From now on we can access HANA via HTTPS over port 43xx as depicted below: