Skip to Content
0

How to allow the XSA self signed cert to be signed by local CA?

May 24, 2017 at 10:32 PM

1.3k

avatar image

Hello All,

I have installed the HANA cockpit 2.0 using XSA. When launching the cockpit via the webbrowser, I get an untrusted/unsecure error, because of the fact that the XSA is using an self signed certificate (default.root.crt.pem). The certificate is located in directory /hana/shared/<SID>/xs/controller_data/controller/ssl-pub/router, but I don't see an option to generate an csr file, so the certificate can be signed by our CA.

How can we achieve this?

Versions:

SAP HANA Cockpit2.2.4 (2017-03-31 07:47:17)

SAP HANA Database Explorer2.1.3 (2017-03-13 21:22:02)

SAPUI51.38.17 (20170124144

BR

Michael

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
Frank Schuler
May 25, 2017 at 05:32 AM
0

Hello Michael,

SAP Note 2243019 - Providing SSL certificates for domains defined in SAP HANA extended application services, advanced model describes this, i.e. you do not need a certificate request but generate a respective RSA key instead.

However, my CA tool does not support the required format, so I had to convert it:

How to convert a certificate into the appropriate format

Best regards

Frank

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member
Apr 16 at 08:54 AM
1

Hi,

i have created a new KBA with easy steps creating an SSL Certificate for HANA 2.0 Cockpit (XSA)

2631903 - HANA Basic How-To Series - Securing HANA 2.0 Cockpit via SSL / HTTPS (Microsoft CA edition)

BR

Andreas

Share
10 |10000 characters needed characters left characters exceeded
Michael Healy
May 25, 2017 at 07:55 AM
0

Thanks Frank, much appreciated.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Hello Michael,

In case you were interested, I put a few more details into this blog:

Providing OpenSSL certificates for domains defined in HANA XSA

Best regards

Frank

2
Looking forward to reading it Frank, thanks a bunch.
0
avatar image
Former Member Jan 19 at 06:03 PM
0

Hi Michael,

We are getting the same error. How did you get the certificate key file.

Regards,

Arun

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Look at Frank's answer that is highlighted as "Best Answer"

0