When you install SAP HANA 2.0, SSL certificate in PSE store is self-signed. In order to allow for signed SSL HTTP connections with SAP HANA, we need to replace default self-signed certificate with a new one signed by a CA of your choice.
Steps
1. Go to below URL
https://FQDN:4300/sap/hana/xs/wdisp/admin/public/default.html
2. Open the tree of SSL and Trust configuration, Click on PSE Management
3. Click on Recreate PSE to get below screen
In Distinguished Name input bar provide below details
CN=full_domain/host/_name_for_which_certificate_to_be_signed, OU=HANA,O=SAP,L=Default City, C=Country
Provide these details as per your organization specification and click on Create.
4. Now create a CSR with given distinguished name and other details for the PSE you created.
click Create CA request and copy the complete code.
5. Share this csr code file to CA authority for CA signed certificate.
6. If you received files in .crt format create single file from all the .crt files
Copy code from each .crt file and paste it in notepad with following sequence.
◉ ROOT_CA cert File content
◉ Hostname cert file content
◉ SSL_CA cert file content
Once the content is ready save the file.
7. Copy the file content from point 6 and click on Import CA response
8. With this import you should get the output screen as below which indicate the successful import of the certificate.
9. Try to login with https url and you should not get security warning/error
No comments:
Post a Comment