Community
Technology Blog Posts by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

HANA 2.0 Cockpit Certificate issues and resolution

NaveenKumarKaus
Participant
‎2018 Aug 23 12:12 PM
18,392
Have been struggling with this issue for sometime.  Sharing this knowledge with SAP community.

 

Problem:

HANA Cockpit runs on XSA and while accessing with HTTPS , we get error for privacy. You connection is not private:





Environment: HANA 2.0 SPS03 with cockpit SPS 07 Patch and XS  xs v1.0.86

Reason for Error:  Signed Certificate not installed.

 

  1. Create SAN.CNF having domain name. ( You can have multiple domain named signed as shown in below example):
                                    Where CN can be customer name FQDN                                                                                     we can include multiple domain names.                 

  2. Create Certificate using openssl commands:
    openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
    It will create sslcert.csr file with key private.key

  3. Now you have to get it signed by signing authority SAP internal or External depending on your scenario. We have used SAP Internal Signing Authority, which i cannot paste in Public domain.
    A) :  Copy content of sslcert.csr file (Please do not copy any extra space)
    B) : Generate X.509 certificate
    Select X.509 for Java Based XSA applications.

  4. C) It will generate signed certificate , save it as "Signed.cert". It will have 3 Certificates (Server, Intermediate, Root) as shown below. All certificates are required to create Chain.cert (chain of signed certificate) S

  5. Now we will have to change private.key to pk8 format using below command:


    openssl pkcs8 -in private.key -topk8 -nocrypt -out uekey.pk8


  6. Now create chained.cert by combining the signed certificates :
    A) Create new notepad file and paste content of signed.cert, Inter.cert and Root certificate

  7. Now run the below command to include the signed certificate:
    XSA set-certificate domain --cert chain.cer --key uekey.pk8 

  8. Now HANA cockpit/Cockpit Manager and other XSA applications open without giving any error:


 
13 Comments