Skip to Content

How to allow the XSA self signed cert to be signed by local CA?

Hello All,

I have installed the HANA cockpit 2.0 using XSA. When launching the cockpit via the webbrowser, I get an untrusted/unsecure error, because of the fact that the XSA is using an self signed certificate (default.root.crt.pem). The certificate is located in directory /hana/shared/<SID>/xs/controller_data/controller/ssl-pub/router, but I don't see an option to generate an csr file, so the certificate can be signed by our CA.

How can we achieve this?

Versions:

SAP HANA Cockpit2.2.4 (2017-03-31 07:47:17)

SAP HANA Database Explorer2.1.3 (2017-03-13 21:22:02)

SAPUI51.38.17 (20170124144

BR

Michael

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    May 25, 2017 at 05:32 AM

    Hello Michael,

    SAP Note 2243019 - Providing SSL certificates for domains defined in SAP HANA extended application services, advanced model describes this, i.e. you do not need a certificate request but generate a respective RSA key instead.

    However, my CA tool does not support the required format, so I had to convert it:

    How to convert a certificate into the appropriate format

    Best regards

    Frank

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 16 at 08:54 AM

    Hi,

    i have created a new KBA with easy steps creating an SSL Certificate for HANA 2.0 Cockpit (XSA)

    2631903 - HANA Basic How-To Series - Securing HANA 2.0 Cockpit via SSL / HTTPS (Microsoft CA edition)

    BR

    Andreas

    Add comment
    10|10000 characters needed characters exceeded

  • May 25, 2017 at 07:55 AM

    Thanks Frank, much appreciated.

    Add comment
    10|10000 characters needed characters exceeded

  • Hi Michael,

    We are getting the same error. How did you get the certificate key file.

    Regards,

    Arun

    Add comment
    10|10000 characters needed characters exceeded