Aug 21, 2023 at 05:01 AM

SSL setup - connection refused

Hi, hoping for some help with SAP BO/DS SSL configuration.

We are upgrading the operating system for our SAP environment but have hit some issues when trying to implement SSL.

We have used DigiCert for SSL authentication, for which we were provided a server key (servername.key), server certificate (servername.der), trusted certificates (DigiCertCA.der and TrustedRoot.der), along with the passphrase file and keystore file (server.jks).

Based on the following (https://blogs.sap.com/2017/02/24/configure-the-sia-to-use-the-ssl-certificates-in-bi-4.2-sp04/), we note that we also need a PSE file, which we created using the above:

sapgenpse import_p8 -p C:\SSL\cert.pse -c C:\SSL\servername.der -r C:\SSL\TrustedRoot.der -z C:\SSL\passphrase.txt C:\SSL\servername.key

followed by

sapgenpse seclogin -p C:\SSL\cert.pse -O SYSTEM

and

sslconfig.exe -dir C:\SSL\ -mycert servername.der -rootcert TrustedRoot.der -passphrase passphrase.txt -mykey servername.key -psecert cert.pse -protocol mixed

According to the above link, we should now be able to enter the address https://server:8443/BOE/CMC, but we get a "server refused to connect". Unfortunately, no error message is logged to either the Tomcat or BO log files, so we cannot determine where we went wrong.

One uncertainty is what should be done with the other cert file received (DigiCertCA.der). Any ideas?

We have also carried out the other steps, e.g. the Tomcat configuration has the below added:

-Dbusinessobjects.orb.oci.protocol=ssl

-DcertDir=C:\SSL

-DtrustedCert=DigiCertCA.der;TrustedRoot.der

-DsslCert=servername.der

-DsslKey=servername.key

-Dpassphrase=passphrase.txt

Added a connector to server.xml (this was taken from our existing working server, but we did also try the standard HTTP/1.1 protocol without success):

<Connector proxyName="fullservername" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\SSL\server.jks" keystorePass="<pass>"> </Connector>

and enabled SSL with the above files within the SIA properties.

Reboots have had no success either.

Any suggestions on what we could do? Or even how we identify what the error is?

Thanks
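
Added example, not part of the original post: a small probe for the "how do we identify what the error is" question, separating a refused TCP connection (nothing listening on 8443, so the Tomcat HTTPS connector is not up) from a TLS handshake failure on an open port. The function name `probe_https` and its result labels are made up for this example; `server` and 8443 are the values from the URL in the post.

```python
import socket
import ssl


def probe_https(host, port, timeout=5.0):
    """Classify how far a client gets towards host:port.

    Returns one of:
      "refused"     - TCP connect rejected: nothing is listening on the port
      "unreachable" - timeout or other network error before TCP completed
      "tls-failed"  - port is open but the TLS handshake did not complete
      "tls-ok"      - handshake completed (certificate trust is NOT checked)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Must be caught before OSError, which is its parent class.
        return "refused"
    except OSError:
        return "unreachable"

    # Diagnostic only: verification is switched off so that an untrusted or
    # incomplete chain still counts as "the listener speaks TLS".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.version()  # handshake already done by wrap_socket
        return "tls-ok"
    except (ssl.SSLError, OSError):
        return "tls-failed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Host and port as written in the post's URL; run this on the BO server
    # itself first, then from a client machine, and compare the results.
    print(probe_https("server", 8443))
```

A result of "refused" when run on the server itself means no process has bound port 8443, which points at the connector not starting rather than at the certificates presented during the handshake.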