Skip to Content
0
Nov 12, 2021 at 12:24 AM

HANA XS (on-prem) HttpClient.request:IPcon: connection to host :443 failed!; $REASON$=ssl

170 Views Last edit Nov 12, 2021 at 12:25 AM 2 rev

Hi,

When I make a GET or POST http request from an .xsjs service in aN on-premise HANA server to a SAP internal web domain I get the error (hiding information from hosts) :

HttpClient.request: request failed: unable to establish connection to <hostdomain>:443 - IPcon: connection to host <hostdomain>:443 failed!; $REASON$=ssl: internal error

description = "host description";

host = "hostdomain";

port = 443;

pathPrefix = "/";

proxyType = none;

proxyHost = "proxy";

proxyPort = 8080;

authType = none;

useSSL = true;

timeout = -1;

sslHostCheck = false;

sslAuth = client;

I created a trust store for this host in XS admin tool and added all certificates available in the domain and even downloaded SAP Cloud Root CA from http://www.pki.co.sap.com/

This is how my trust store looks like

trust-store.png

This is my configuration of destination

hanaartifact.png

when I select certificate actions PUT CA Response on the trust store of each certificate I get:

I cannot access the server from command line. I can only use web ide and sap/hana/xs/admin.

I can successfully call the destination from node.js using the following lines of code :

 var Request = require("request");
  var XML2js = require("xml2js");

  var sslRootCAs = require("ssl-root-cas");
  sslRootCAs
    .inject()
    .addFile("/SAP Cloud Root CA.crt")
    .addFile("/SAP Global Root CA (1).crt")
    .addFile("/SAPNetCA_G2 (5).crt");
  fs = require("fs");
   Request.post(
    {
      headers: {
        "Content-Type": "application/json",
      },
      url: "https://<HOSTDOMAIN>",
    },
    (error, response, body) => {
      if (error) {
        return console.dir(error);
      }
      console.log(response.body);
    }
  );
<br>

When I run the openssl command on my windows computer to check the chain of certificates I only get the certificate 0.

openssl s_client -connect <hostdomain>:443 -servername <hostdomain>

certchain.png

And as far as I understand, it means that my destination server doesn't send the intermediate certificates. That is why I add them to the files in node.js. But I'm not able to access from my hana server and I need to access from it

I would really appreciate if someone can help me

¿Does anyone know how to correctly configure the trust store from hana xs admin tool?

Attachments

hanaartifact.png (97.1 kB)
trust-store.png (387.2 kB)
certchain.png (39.1 kB)