SAP Knowledge Base Article - Preview

3150205 - HANA Cockpit shows blank page when sslenforce is enabled

Symptom

You followed SAP note 2300943 to enable SSL encrypted connections from SAP HANA Cockpit to the underlying SAP HANA database, where HANA Cockpit is running on (e.g SYSTEMDB or COCKPITDB).

When open HANA Cockpit, it shows blank page.
If set parameter global.ini [communication] sslenforce = false, HANA Cockpit can be opened successfully.

In sap-portal-persistency log, same or similar error messages as below, are observed.
-------------------------------
Connection failed (RTE:[300015] SSL certificate validation failed: host name '<hostname>' does not match names in certificate: '<hostname>.<domain1.com>, <hostname>.<domain2.com>' (<hostname>:39613))#
-------------------------------

sap-portal-persistency log can be collected via command: xs logs sap-portal-persistency --last 1000 > /tmp/sap-portal-persistency.log


Checked env variables via command: xs env cockpit-persistence-svc, the hostname (see below) neither match CN nor included in "Subject Alternative Names" of the DB certificate.
-------------------------------
...
    "hana" : [ {
      "name" : "cockpit-datasource",
      "label" : "hana",
      "tags" : [ "hana", "database", "relational" ],
      "plan" : "securestore",
      "credentials" : {
        "schema" : "...",
        "tenant_name" : "COCKPITDB",
        "db_hosts" : [ {
          "port" : 30041,
          "host" : "<hostname>"
        } ],
        "certificate" : "-----BEGIN CERTIFICATE-----\n...=\n-----END CERTIFICATE-----\n",
        "url" : "jdbc:sap://<hostname>:30041/?encrypt=true&validateCertificate=true&hostNameInCertificate=<hostname>.<domain>&currentschema=USR_....",
        "hostname_in_certificate" : "<hostname>.<domain1.com>",
        "password" : "...",
        "driver" : "com.sap.db.jdbc.Driver",
        "port" : "30041",
        "encrypt" : true,
        "validate_certificate" : true,
        "host" : "<hostname>",
        "user" : "..."
      }
    } ]
...
-------------------------------

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


Read more...

Environment

  • SAP HANA, platform edition 2.0
  • SAP HANA Cockpit 2.0

Product

SAP HANA, platform edition 2.0

Keywords

HANA Cockpit, blank page, empty page, Connection failed, SSL certificate validation failed: host name, does not match names in certificate, SSL, sslenforce, sslvalidatecertificate , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.