Skip to Content
Technical Articles
Author's profile photo Roman Gorbenko

Generate a self-signed SSL certificate for SAP Fiori with GCP CA Authority service


Every time when you open a Fiori Launchpad (Transaction – /UI2/FLP) you see a warning message “Your connection is not private”
It doesn’t look neat and may confuse some people. You want to fix this.
This simple step-by-step guide can help you.


Step 1. Create the CSR
Transaction – STRUST
Before starting keep in mind a small N.B
N.B. In Chrome 58, certificates that don’t have hostnames in the SubjectAltName field will result in a “Your connection is not private” error. A similar change was adopted in Firefox 48
1.1. Start t-code STRUST
1.2. Switch TRUST from display to change mode
1.3. Press the right mouse button from the context menu and select “Replace” (screen)
1.4. Example of PSE with DNS for SubjectAltName
CA example: DNS=vhcala4hci:localhost CN=vhcala4hci O=vhcala4hci, C=RU
1.5.  Generate CSR and export it to *.csr file
2478769 – Obtaining certificates with subject Alternative Name (SAN) within STRUST
Discussion about Subject Alternative Name in STRUST
2970934 – How to create the CSR and how to import the certificate response for ABAP system
Step 2. Request certificate by GCP Certificate Authority Service
    2.1. Sign In to a Google Cloud Platform (GCP) console
    2.2. Find a Certificate Authority Service
    2.3. Create CA pool
2.4. Create Certificate Authority in an existing pool from Step 2.3
2.5. Request a certificate
Provide CSR generated on Step 1.5
2.6. Create the certificate file
Download signed certificate.
Download CA Root certificate.
Open an empty text file.
Paste signed certificate subsequently CA Root certificate.
Save the file as  .cer file
Step 3. Import certificate response in SAP NetWeaver
Upload a file from Step 2.6 in transaction STRUST
Step 4. Import CA certificate into the web browser
Import CA certificate from Step 2.6 into the web browser on the computer when you work with Fiori Launchpad
Final result:


This blog post provides step by step guide on how to generate a self-signed SSL certificate for SAP Fiori with GCP CA Authority service provided.
The example is provided with SAP ABAP Platform 1909, Developer Edition but you can easily adapt this guide for your case.

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo David Nguyen
      David Nguyen

      Great blog Roman! Quick question, can I use the signed CA which I've generated the CSR from SSL Server Standard on SSL Client SSL Client?

      Thanks again,