Skip to Content

Live Data Connection to SAP Universes

Mar 02 at 07:33 PM


avatar image

Hello friends, I have a question. I'm trying to configure the connection to SAP universes through Live Data Connection (Direct Connection). For this I had to configure the "https" on my BO server. The question I have is whether it is mandatory to set up a certificate signed by certification authority because I did not do it like that and the loading of universes unx does not work properly, I only configured the https but did not send to sign the certificate to a certification authority.

Can you please guide me?


Kind Regards


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Julian Jimenez
Mar 02 at 08:46 PM

Hi Victor,

You always need a valid certificate for your browser:

  • Apache (Reverse Proxy), so your browser doesn't complain every time your users connect to the URL
  • Tomcat (CORS): Direct Connection uses two connections, one to SAC (HTTPS) and the second one to Tomcat (also HTTPS). It won't work if Chrome doesn't trust automatically the connection to Tomcat. In KBA we explain that behaviour.

If you have an internal certificate authority and your computers have its root certificate installed, you can sign the certificate in Tomcat using that Certificate Authority.



10 |10000 characters needed characters left characters exceeded
Tammy Powlas
Mar 02 at 07:42 PM

Hello Victor - please check the SAP Guided Answers at


  1. Set the connection type to:
  • Direct, if you aren’t using reverse proxy, then specify the BI Tomcat Server’s Host and HTTPS port below that
  • Path, if you have configured a reverse proxy and enter the Path Prefix “/<PATH>” value defined during reverse proxy setup


Source: SAP

Good luck,


10 |10000 characters needed characters left characters exceeded
Victor Santiago Alé C. Mar 05 at 01:45 PM

Thank you very much for the answers. I will review what you indicate and I will tell you the results.

Kind Regards


10 |10000 characters needed characters left characters exceeded
Matthew Shaw
Mar 07 at 04:24 PM

If you're using a reverse proxy (which will need a PATH connection) then in apache's httpd.conf if you add

## next 3 lines only needed if using self-signed certificates and you are not using SSL 2.4
##      Otherwise remove (comment them) to allow the remote server certificate's 
##      CN field is compared against the hostname of the request URL
##      PeerExpire checks the certificate has not expired

SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

This will allow your reverse proxy to work against a local Tomcat machine talking SSL that has a non-signed certificate. Your browser will still be prompted to trust the certificate, unless you get it signed by a Certificate Authority

Regards, Matthew

PS for universe connectivity with SAC, I'm developing a wiki site dedicated for it

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Matthew,

Thanks for your reply but I´m not using a reverse proxy. I´m using a direct connection (CORS).

Best Regards