AMC for SAP ASE – Setup SSL for AMC and Workload Analyzer
Prepare yourself for SAP TechEd 2021 and start learning today. This is a blog post series about the new and innovative Administration and Management Console (AMC) for the SAP Adaptive Server Enterprise 16.0 (SAP ASE) database. Stay tuned for one new blog post about AMC every week until SAP TechEd starts.
… and don’t forget to register yourself: SAP TechEd Registration
This week we want to discuss how you can setup security using SSL for AMC. Please be aware: After AMC is installed, SSL isn’t enabled by default for the 3 cases we discuss in this blog post. You need to enable it manually.
Have a look at the component diagram of AMC. We strongly recommend you enable SSL for secure communication for the following 3 cases:
- Communication between AMC.jar and SAP ASE Dataserver.
- Communication between your web browser and AMC.jar.
- Communication between AMC.jar and Workload Analyzer / SAP ASE repository server.
To implement any of these 3 cases, you will first need a SSL certificate from a valid Certificate Authority or if you’re testing, you can use a self-signed certificate.
Let’s consider the first case: Secure communication between AMC.jar and SAP ASE Dataserver.
First, enable SSL in the ASE server. If you’re using a 3rd party or CA signed certificate, refer to the steps given in SAP Note 2430055. If you’re using a self-signed certificate, follow steps given in SAP Note 1899365. In the picture below you see the AMC.properties file. Now, in the AMC.properties file, set the value of the property ase.ssl-enabled=true. Also set values for the properties ase.ssl-trust-store and ase.ssl-trust-store-password. Finally, restart the AMC application for the changes to take effect.
Now let’s consider the second case: Secure communication between your web browser and AMC.jar. If you have enabled secure communication between AMC.jar and SAP ASE Dataserver, you can use the same SSL certificate for enabling SSL or HTTPS between your web browser and AMC.jar.
In AMC.properties file, set appropriate values for the properties starting with server.ssl. First, start with setting the value of property server.ssl.enabled=true. Then, set the values of the following properties: server.ssl.key-store-type, server.ssl.key-store, server.ssl.key-store-password and server.ssl.key-alias. Optionally, you can change the value of the property server.port. Finally, restart the AMC application and you should now be able to access the application in the browser using HTTPS in the URL.
The third and last case: Secure communication between AMC.jar and Workload Analyzer / SAP ASE repository server.
Start to enable SSL on the Workload Analyzer / SAP ASE repository server. If you’re using a 3rd party or CA signed certificate, refer to SAP Note 2430055. If you’re using a self-signed certificate, follow steps given in SAP Note 1899365.
For the nexts we open the Workload Analyzer screen in the AMC user interface. Enable the toggle ‘Use SSL’ in the ‘Add Repository Server’ screen. As the last step specify the complete path to the trust store file in the ‘SSL Certificate File’ field. Finally, all communication with this repository server will use SSL.
We have covered the cases where you can setup security using SSL for the AMC application. We recommend enabling SSL for all these three cases.
We show all these cases also step-by-step in the ASE Learning Journey video. Have a look:
All infos are also always available in the AMC User Guide in the SAP Help Portal.
The learning journey for AMC will continue next week. Stay tuned and stay safe!