cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FIORI Apps blocked due to certificate issue

Go to solution
sebastian_bala
Discoverer

on ‎05-08-2020 12:09 PM

0 Kudos

We have the S4/HANA 1809 fully activated instance running since about a year now and ran into some certificate issues lately. After the pre installed certificate run out I created new PSEs as usual using STRUST and we would be fine with the certificate warning of the browsers that the certificates are not trusted but if you try to start an FIORI App it says that the content is blocked due to not trusted/signed certificate and we get a "fatal TLS certificate unknown alert message" in the DEV_ICM trace.

Anyone managed to reinstall trusted certificates on a SAP CAL instance? Or is there a way to open FIORI Apps without a trusted certificate?

Thanks!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JoergWolf
Product and Topic Expert
Product and Topic Expert
‎05-11-2020 2:17 PM
0 Kudos

Hi Sebastian,

if you get the error on port 44301 (i.e. the web dispatcher port) check the following in the web dispatcher console (https://vhcals4hcs.dummy.nodomain:44301/sap/admin/public/default.html , BPINST/Welcome1):

1.) Go to Menu > S4H > Monitor Application Servers.

2.) Check if there is a red error icon in column "Valid (HTTPS)".

3.) If yes, click on the vhcals4hci... button in column Name > Establish Trust > Import the Peer certificate.

This renews the trust relation between web dispatcher and ABAP server and is needed everytime you change the ABAP server certificate in STRUST.

If this doesn't help, please try to access Fiori on port 44300 (direct ABAP port) and post your findings via screenshot here.

Apart from that, there's a medium-difficult way to create a free Let's Encrypt certificate and import it into the appliance if that's an option for you as well. Let me know and we will find a way to provide you some documentation.

Best, Joerg

Show replies
Show replies
sebastian_bala
Discoverer
‎05-12-2020 10:19 AM
0 Kudos

Hi Jörg,

thank you!!! I searched for days and it is so easy when you know where to look ...

Cheers!

Sebastian

adrian_vaughan
Explorer
‎05-15-2020 9:09 PM
0 Kudos

Hi Joerg, I am interested in the Let's Encrypt certificate installation process ( I have the 1909 CAL instance on GCP) if you can provide details!

Answers (3)

Answers (3)

JoergWolf
Product and Topic Expert
Product and Topic Expert
‎09-21-2020 4:06 PM
0 Kudos

Hi Sebastian,

we haven't used SSL in the appliance for the ADS RFC connection since the connection to Adobe works without it as well.

I would assume that you can establish the trusted handshake between ABAP and JAVA by importing mutual certificates that you could obtain from a CA. But we haven't tested this.

Best, Joerg

Show replies
Show replies
sebastian_bala
Discoverer
‎08-18-2020 8:00 AM
0 Kudos

We've got another issue with certificates on our S4/HANA 1809 fully activated. If we try to reach (RFC test) the ADS on the java instance we get still an SSL Trust error. Is there an easy way to fix this like for the web dispatcher?

Will defintly have a look into the guide you posted to install trusted certificates! But looks not like a fast way 🙂

Thanks!

Show replies
Show replies
JoergWolf
Product and Topic Expert
Product and Topic Expert
‎07-02-2020 7:14 PM
0 Kudos

Hi Adrian,

sorry, this slipped through and I just discovered your question by accident (if you still read this):

See this guide (it's also linked from the appliance demo guide page).

Best, Joerg

Show replies
Show replies
Ask a Question