Enterprise Resource Planning Blogs by Members
Gain new perspectives and knowledge about enterprise resource planning in blog posts from community members. Share your own comments and ERP insights today!
Showing results for 
Search instead for 
Did you mean: 
This blog post is for setting up SSL for Application server S/4HANA for successful connection with SAC (SAP Analytics Cloud).

Background -

When we are connecting SAC (SAP Analytics Cloud) to SAP S/4HANA system with direct live connection, we need to make trusted connection.

Else error can be seen as -

Setting Up SSL

Check CommonCryptoLib version


Login into <Applicaion Server Host> as <sid>adm

server: <sid>adm > cdexe

server: <sid>adm > pwd


server: <sid>adm > sapgenpse -l /sapmnt/<SID>/exe/uc/linuxx86_64/libsapcrypto.s




Using -l parameter to load CommonCryptoLib

   -l "/sapmnt/<SID>/exe/uc/linuxx86_64/libsapcrypto.so"

  Platform:   linux-gcc-4.3-x86-64   (linux-gcc-4.3-x86-64)

  Versions:   SAPGENPSE       8.5.28 (May  8 2019)

              CommonCryptoLib 8.5.28 (May  8 2019) [AES-NI,CLMUL,SSE3,SSSE3]

                Build change list: 238087


  Environment variable $SECUDIR is defined:



Update  SAP Crypto library


  1. Download latest crypto library from SAP market place:

SAPDownload à Support Packages & Patches à By Category à SAP CRYPTOGRAPHIC SOFTWARE à SAPCRYPTOLIB à COMMONCRYPTOLIB 8 à <Select appropriate OS version> à Download latest SAR file

SAPCRYPTOLIBP_8528-20011697.SAR ---- for Linux X86_64


  1. Move SAR file from download basket to application server

Use winscp to move to application server


  1. UNCAR SAR file : (login with <SID>adm into application server



  1. Move uncared all content to Kernel

mv * /sapmnt/<SID>/exe/uc/linuxx86_64

Profile Parameters


Login into <Applicaion Server Host> as <sid>adm and remove below profile parameter







Define Https parameter 


Add below entry into Instance profile


icm/server_port_1 = PROT=HTTPS,PORT=52$$,TIMEOUT=30,PROCTIMEOUT=60


and restart the application server


Generate Certificate


  1. Transaction Code - /nstrust and click on edit.

2. Right click on SSL Server Standard and Select Create



3. Click on OK

4. Update entry as mentioned in the screenshot


5. Make sure Algorithm Overview as below -

6. Once you click on OK, you can see entry has been created.

7. Now, Create Certificate Request by clicking on button


8. Select algorithm as SHA256

And click on OK

9. Download certificate locally.

10. Save to your local machine.


Sign certificate from CA

Get your public key certificates signed by a CA.


Here we have used local internal WINDOWS server as certificate authority.

You can refer below blog to setup windows server as CA
(Reference from Virtuallythere “SSL : Part 1 : Building a Microsoft Certificate Authority for your lab”)


(Reference from Virtuallythere “SSL : Part 2 : Signing a CSR with your Microsoft Certificate Authority”)

Once you have setup windows server as CA then you can sign your CSR.


  1. Copy csr from local machine to windows server.



2. Open Server Manager --> Tools --> Certificate Authority



3. You can see pop-up like below -


4. Click on Submit new request


5. Browse the certificate from Server


6. Now you can see certificate in Pending Requests

7. Approve the certificate request (Click on All Tasks --> Issue)


8. After that, you can see certificate in the list of Issued certificate.


9. Right click and Open


10. Click on open > Details > Copy to File


11. Click on Next >Select PKCS#7 > Check mark for INCLUDE… > Click on Browse


12. Give name and click on SAVE > Verify location and click on Next > Click on Finish > Click on OK

Please note - you are saving file on windows server



13. Copy response file from Windows server to local machine.

Import Signed Response Certificate

1. Now back to SAP logon.

Double click on SSL server Standard entry


2. Click on Import Certificate Response 


3.Click on Import > Select the response file and click on Open  


4. You can see screen as below and then click on OK.

5. Click on SAVE


Finally cross check SSL configurationwith URL

https://<ABAP application Server host>:<https port>/sap/bc/gui/sap/its/webgui?sap-client=<client no....



You can make secure connection with SAP Analytics Cloud.
Labels in this area