Technical Articles
Generate a self-signed SSL certificate for SAP Fiori with GCP CA Authority service
Problem.
Every time when you open a Fiori Launchpad (Transaction – /UI2/FLP) you see a warning message “Your connection is not private”
It doesn’t look neat and may confuse some people. You want to fix this.
This simple step-by-step guide can help you.
Resolution.
Step 1. Create the CSR
Transaction – STRUST
Before starting keep in mind a small N.B
N.B. In Chrome 58, certificates that don’t have hostnames in the SubjectAltName field will result in a “Your connection is not private” error. A similar change was adopted in Firefox 48
1.1. Start t-code STRUST
1.2. Switch TRUST from display to change mode
1.3. Press the right mouse button from the context menu and select “Replace” (screen)
1.4. Example of PSE with DNS for SubjectAltName
CA example: DNS=vhcala4hci:localhost CN=vhcala4hci O=vhcala4hci, C=RU
1.5. Generate CSR and export it to *.csr file
Links:
2478769 – Obtaining certificates with subject Alternative Name (SAN) within STRUST
https://launchpad.support.sap.com/#/notes/2478769
Discussion about Subject Alternative Name in STRUST
https://answers.sap.com/questions/510026/how-do-you-use-strust-to-create-a-subject-alternat.html
2970934 – How to create the CSR and how to import the certificate response for ABAP system
https://launchpad.support.sap.com/#/notes/2970934
Step 2. Request certificate by GCP Certificate Authority Service
2.1. Sign In to a Google Cloud Platform (GCP) console
2.2. Find a Certificate Authority Service
2.3. Create CA pool
2.4. Create Certificate Authority in an existing pool from Step 2.3
Result:
2.5. Request a certificate
Provide CSR generated on Step 1.5
Result:
2.6. Create the certificate file
Download signed certificate.
Download CA Root certificate.
Open an empty text file.
Paste signed certificate subsequently CA Root certificate.
Save the file as .cer file
Result:
Step 3. Import certificate response in SAP NetWeaver
Upload a file from Step 2.6 in transaction STRUST
Result:
Step 4. Import CA certificate into the web browser
Import CA certificate from Step 2.6 into the web browser on the computer when you work with Fiori Launchpad
Final result:
Conclusion.
This blog post provides step by step guide on how to generate a self-signed SSL certificate for SAP Fiori with GCP CA Authority service provided.
The example is provided with SAP ABAP Platform 1909, Developer Edition but you can easily adapt this guide for your case.
Great blog Roman! Quick question, can I use the signed CA which I've generated the CSR from SSL Server Standard on SSL Client SSL Client?
Thanks again,
David