Symptom
This guide describes how to configure one-way or two-way (mutual) SSL/TLS between SAP HANA Cockpit 2.0 and a registered HANA database using Certificate Management in the Database. SAP recommends leveraging in-database Personal Security Environment (PSE) stores as this allows certificates to be maintained and replaced without restarting the database.
If you would like to use Certificate Management in the File System, please see chapter 3 of How to Secure SAP HANA Cockpit Step-by-Step. However, please be advised that sapsrv.pse does not contain a self-signed certificate by default as of HANA 2.0 SPS06 as described by 3127404; therefore, additional set-up will be required.
The configuration described by this guide is required if:
- You are registering a HANA database with option Validate the certificate enabled in Cockpit Manager:
- You are registering a HANA database that maintains configuration parameter global.ini > [communication] > sslvalidatecertificate = true.
Important Note: This guide only demonstrates how to secure the JDBC communication between the HANA Cockpit Backend and a registered HANA 2.0, platform edition database. This guide does not cover securing the HTTP communication between the browser used to access HANA Cockpit and the HANA Cockpit backend.
Images/data in this KBA are from SAP internal systems, sample data, and/or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- SAP HANA Cockpit 2.0
- SAP HANA, platform edition 2.0
Product
Keywords
KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.