Creating Certificate Using OpenSSL and Importing it into SAP HANA Web Dispatcher

| Analytics , SAP HANA ,

HANA Web Dispatcher comes with a self-signed SSL certificate that makes the connection insecure. In this blog, we have outlined the step by step process to create an SSL certificate using OpenSSL and import it into SAP HANA web dispatcher

Setting-Up your own CA:

Step 1: Install OpenSSL

Step 2: Navigate to OpenSSL/bin folder and open command prompt and set the Variable path using the command below

set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cfg   (Mention path according to your OpenSSL installed path)

set RANDFILE=.rnd  (Run this command as it is)

create-certificate-using-openssl-for-sap-hana

Step 3: Create a “.\demoCA” directory in OpenSSL/bin folder. Create another directory newcerts in “.\demoCA” directory

create-certificate-using-openssl-for-sap-hana

Step 4: Copy .\bin\pem\democa\serial  to .\demoCA

Step 5: Create an empty index.txt file via notepad .\demoCA\index.txt

Step 6: Change organizationName = optional in .\bin\openssl.cfg. Check the screen shot below for the updated config file

create-certificate-using-openssl-for-sap-hana

Step 7: Navigate to OpenSSL Bin folder and run the commands below:

To create your own secure 4096 bit private key –

openssl genrsa -des3 -out rootca.pem 4096

To Create your secure SHA-256 root CA certificate –

openssl req -new -x509 -sha256 -extensions v3_ca -key rootca.pem -out rootca.crt -days 365

create-certificate-using-openssl-for-sap-hana

Creating a Server Certificate:

Step 1: Create a CA request in HANA web dispatcher page. Copy and paste the request in notepad and save it as “sslreq.csr”. Copy the “sslreq.csr” to ../OpenSSL/bin folder

create-certificate-using-openssl-for-sap-hana

Step 2: Sign the certificate by using the command below

openssl ca -cert rootca.crt -keyfile rootca.pem -out sslreq.crt -infiles sslreq.csr

create-certificate-using-openssl-for-sap-hana

Step 3: crt and sslreq.crt files will be created in ../OpenSSL/bin folder. Open the sslreq.csr and rootca.csr in a text editor copy and paste the content in the web dispatcher to import CA response. Click on import.

create-certificate-using-openssl-for-sap-hana

create-certificate-using-openssl-for-sap-hana

Step 4: Import the rootca.crt file created in ../openssl/bin folder to the browser (Recommended browser – Firefox)

create-certificate-using-openssl-for-sap-hana

With these settings, the HANA Web Dispatcher connection is secure. Here on, whenever we login to SAP HANA, a window will appear asking for the user credentials.

Share with:

FacebookTwitterLinkedIn