How to Configure OpenSSL for SAP HANA Studio to SAP HANA Server
PremG
SAP HANA Server and SAP HANA Studio are not delivered by hardware vendors with secure socket layer (SSL) communication enabled. As an added layer of security, SAP HANA administrators are encouraged to enable SSL communication between SAP HANA server nodes, between SAP HANA clients, and between SAP HANA Studio and SAP HANA Server. SAP HANA supports the use of either the SAPCrypto libraries or OpenSSL to secure communication. This guide walks through the steps required to configure and enable OpenSSL communication between SAP HANA Studio and SAP HANA Server.
Details in the error log can be found in the IndexServer_alert_*.trc diagnostics file in HANA Studio’s Administrative perspective.
CONFIGURE SAP HANA SERVER TO SUPPORT SSL
As user ‘root’, check whether libssl.so exists. If the file does not exist, create a symbolic link to libssl.so.0.9.8:
ls -l /usr/lib64 |grep ssl
ln -s /usr/lib64/libssl.so.0.9.8 /usr/lib64/libssl.so
ls -l /usr/lib64 |grep ssl
Create the Root Certificate
cd /usr/sap/SID/home
mkdir .ssl
openssl req -new -x509 -newkey rsa:2048 -days 3650 -sha1 -keyout CA_Key.pem -out CA_Cert.pem -extensions v3_ca
Generating a 2048 bit RSA private key
Create the Server Certificate
openssl req -newkey rsa:2048 -days 365 -sha1 -keyout Server_Key.pem -out Server_Req.pem -nodes
Generating a 2048 bit RSA private key ....................+++ ..................................+++
Sign the Server Certificate
openssl x509 -req -days 365 -in Server_Req.pem -sha1 -extfile /etc/ssl/openssl.cnf -extensions usr_cert -CA CA_Cert.pem -CAkey CA_Key.pem -CAcreateserial -out Server_Cert.pem
Chain the Certificate
cat Server_Cert.pem Server_Key.pem CA_Cert.pem > key.pem
cat key.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
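An added example, not part of the original guide or of SAP's tooling: a shell function that checks the key.pem bundle built above before the server is restarted. It assumes the file names used on this page and an openssl binary on the PATH; the function name check_bundle and its messages are made up for this example.

```shell
#!/bin/sh
# Added example: sanity checks for the key.pem bundle built by the cat command.
# check_bundle and its messages are hypothetical names, not SAP or OpenSSL ones.

check_bundle() {   # usage: check_bundle key.pem CA_Cert.pem; returns failure count
    bundle=$1; ca=$2; fails=0

    # 1. Layout: server certificate, private key, CA certificate, in that order.
    layout=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$bundle" | tr '\n' ',')
    case $layout in
        "CERTIFICATE,RSA PRIVATE KEY,CERTIFICATE,"|"CERTIFICATE,PRIVATE KEY,CERTIFICATE,") ;;
        *) echo "FAIL layout: got [$layout]"; fails=$((fails + 1)) ;;
    esac

    # 2. The private key must belong to the first certificate in the bundle.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$bundle" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL key: private key does not match the server certificate"
        fails=$((fails + 1))
    fi

    # 3. The server certificate must verify against the CA certificate.
    if ! openssl verify -CAfile "$ca" "$bundle" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL chain: server certificate does not verify against $ca"
        fails=$((fails + 1))
    fi

    # 4. -nodes left the key unencrypted, so group/other must have no access.
    if [ "$(ls -l "$bundle" | cut -c5-10)" != "------" ]; then
        echo "FAIL mode: $bundle is accessible to group or other (chmod 600)"
        fails=$((fails + 1))
    fi

    # 5. Warning only: the commands above sign with -sha1, and SHA-1
    #    certificate signatures are rejected by many current TLS clients.
    if openssl x509 -in "$bundle" -noout -text 2>/dev/null |
            grep -q 'Signature Algorithm: sha1'; then
        echo "WARN sig: server certificate is SHA-1 signed"
    fi
    return "$fails"
}

# Stand-alone use: sh check_bundle.sh key.pem CA_Cert.pem
if [ $# -eq 2 ]; then check_bundle "$1" "$2"; fi
```

The exit status is the number of failed checks, so 0 means the bundle is consistent with the CA certificate and readable only by its owner.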
Copy the Certificate to Trust.pem
RESTART HANA SERVER
Import ‘trust.pem’ into the Java keystore on the client
As user ‘Administrator’, or with administrative access, import trust.pem into Java’s keystore. Confirm that the Microsoft Windows environment variable %JAVA_HOME% matches the version of Java in the OS path and the version shown in HANA Studio’s Help | About | Installation Details.
Execute the following command. Ensure that the ..\jre\lib\security\cacerts file exists before executing the keytool command. Note that only a single password prompt should occur.
Enable SSL Communication within HANA Studio
Confirm that HANA Studio now communicates using SSL: the hover tooltip should show SSL, and the system node icon should show a small lock.