When you install SAP HANA 2.0, SSL certificate in PSE store is self-signed. In order to allow for signed SSL HTTP connections with SAP HANA, we need to replace default self-signed certificate with a new one signed by a CA of your choice.
Steps
- Go to below URL
https://FQDN:4300/sap/hana/xs/wdisp/admin/public/default.html
- Open the tree of SSL and Trust configuration, Click on PSE Management
3. Click on Recreate PSE to get below screen
In Distinguished Name input bar provide below details
CN=full_domain/host/_name_for_which_certificate_to_be_signed, OU=HANA,O=SAP,L=Default City, C=Country
Provide these details as per your organization specification and click on Create.
- Now create a CSR with given distinguished name and other details for the PSE you created.
click Create CA request and copy the complete code.
- Share this csr code file to CA authority for CA signed certificate.
- If you received files in .crt format create single file from all the .crt files
Copy code from each .crt file and paste it in notepad with following sequence.
- ROOT_CA cert File content
- Hostname cert file content
- SSL_CA cert file content
Once the content is ready save the file.
- Copy the file content from point 6 and click on Import CA response
8. With this import you should get the output screen as below which indicate the successful import of the certificate.
- Try to login with https url and you should not get security warning/error
Hope this article will help you setting up the SAP HANA XS with HTTPS.
