Hi, hoping for some help with SAP BO/DS SSL configuration.
We are upgrading the operating system for our SAP environment but have hit some issues when trying to implement SSL.
We have used DigiCert for SSL authentication, for which we were provided a server key (servername.key), server certificate (servername.der), trusted certificates (DigiCertCA.der and TrustedRoot.der), along with the passphrase file and keystore file (server.jks).
Based on the following (https://blogs.sap.com/2017/02/24/configure-the-sia-to-use-the-ssl-certificates-in-bi-4.2-sp04/), we note that we also need a PSE file, which we created using the above:
sapgenpse import_p8 -p C:\SSL\cert.pse -c C:\SSL\servername.der -r C:\SSL\TrustedRoot.der -z C:\SSL\passphrase.txt C:\SSL\servername.key
followed by
sapgenpse seclogin -p C:\SSL\cert.pse -O SYSTEM
and
sslconfig.exe -dir C:\SSL\ -mycert servername.der -rootcert TrustedRoot.der -passphrase passphrase.txt -mykey servername.key -psecert cert.pse -protocol mixed
According to the above link, we should now be able to enter the address https://server:8443/BOE/CMC, but we get a "server refused to connect". Unfortunately, no error message is logged to either the Tomcat or BO log files, so we cannot determine where we went wrong.
One uncertainty is what should be done with the other cert file received (DigiCertCA.der). Any ideas?
We have also carried out the other steps, e.g. the Tomcat configuration has the below added:
-Dbusinessobjects.orb.oci.protocol=ssl
-DcertDir=C:\SSL
-DtrustedCert=DigiCertCA.der;TrustedRoot.der
-DsslCert=servername.der
-DsslKey=servername.key
-Dpassphrase=passphrase.txt
We added a connector to server.xml (this was taken from our existing working server, but we did also try the standard HTTP/1.1 protocol without success):
<Connector proxyName="fullservername" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\SSL\server.jks" keystorePass="<pass>"> </Connector>
and enabled SSL with the above files within the SIA properties.
Reboots have had no success either.
Any suggestions on what we could do? Or even how we identify what the error is?
Thanks
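
An added example, not part of the original post: one way to approach the closing question of how to identify the error when nothing is logged. It probes the HTTPS port in three stages (TCP connect, TLS handshake without verification, TLS handshake with verification) and names the layer that fails. The function name probe_tls and the status strings are made up for this sketch; "server" and 8443 are the host and port quoted in the post.

```python
import socket
import ssl

def probe_tls(host, port, timeout=5.0):
    """Return (status, detail) naming the layer at which an HTTPS endpoint fails."""
    # Stage 1: plain TCP. A refusal means nothing is listening on the port,
    # so the problem is the listener itself, not the certificates.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return ("tcp_refused", str(exc))
    except OSError as exc:  # DNS failure, timeout, filtered port
        return ("tcp_unreachable", str(exc))

    # Stage 2: TLS handshake with verification off. Failure here means the
    # port is open but the TLS handshake itself does not complete.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        with raw, lax.wrap_socket(raw, server_hostname=host) as tls:
            version = tls.version()
    except (ssl.SSLError, OSError) as exc:
        return ("tls_handshake_failed", str(exc))

    # Stage 3: same handshake with default verification. Failure here points
    # at the served chain (for example a missing intermediate) or the name.
    strict = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw2:
            with strict.wrap_socket(raw2, server_hostname=host):
                return ("ok", version)
    except ssl.SSLCertVerificationError as exc:
        return ("cert_not_trusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_handshake_failed", str(exc))

if __name__ == "__main__":
    # "server" and 8443 are the host and port quoted in the post.
    print(probe_tls("server", 8443))
```

A "tcp_refused" result run on the server itself against localhost means the 8443 connector never bound, which narrows the search to Tomcat startup rather than the certificate files.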