SAP Knowledge Base Article - Preview

3525536 - How-to: Configuring SSL/TLS trust between SAP HANA Cockpit 2.0 and a registered database using in-database PSEs

Symptom

This guide describes how to configure one-way or two-way (mutual) SSL/TLS between SAP HANA Cockpit 2.0 and a registered HANA database using Certificate Management in the Database. SAP recommends leveraging in-database Personal Security Environment (PSE) stores as this allows certificates to be maintained and replaced without restarting the database.

If you would like to use Certificate Management in the File System, please see chapter 3 of How to Secure SAP HANA Cockpit Step-by-Step. However, please be advised that sapsrv.pse does not contain a self-signed certificate by default as of HANA 2.0 SPS06 as described by 3127404; therefore, additional set-up will be required.

The configuration described by this guide is required if:

  • You are registering a HANA database with option Validate the certificate enabled in Cockpit Manager:
  • You are registering a HANA database that maintains configuration parameter global.ini > [communication] > sslvalidatecertificate = true.

Important Note: This guide only demonstrates how to secure the JDBC communication between the HANA Cockpit Backend and a registered HANA 2.0, platform edition database. This guide does not cover securing the HTTP communication between the browser used to access HANA Cockpit and the HANA Cockpit backend.

Images/data in this KBA are from SAP internal systems, sample data, and/or demo systems. Any resemblance to real data is purely coincidental.


Read more...

Environment

  • SAP HANA Cockpit 2.0
  • SAP HANA, platform edition 2.0

Product

SAP HANA, platform edition 2.0

Keywords

KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.