INTERNAL

How to Configure TLS/SSL in SAP HANA

Applicable Releases:

• SAP HANA 2, all SPS

Topic Area:

• Configuration, Security

Required capability of the operator:

• SAP HANA Database, TLS

Version 2.0.0 - January 2022

DOCUMENT HISTORY

Document version    Description
1.0                 First official release of this guide
2.0.0               Update and extension

TABLE OF CONTENTS

DOCUMENT HISTORY
BEFORE YOU START
Organizational Requirements
Trust stores
Certificates
Crypto Library
Tools to create server certificates
sapgenpse
SAP HANA Web Dispatcher Admin tool
CREATE THE PERSONAL SECURE STORE (PSE) FILE
CLIENT CONFIGURATION
Database clients that connect via SQL interface to the SAP HANA system
SAP HANA clients like JDBC, ODBC, SQLDBC
NetWeaver ABAP connection to SAP HANA database
SAP HANA ODBC client connections to SAP HANA database
SAP HANA studio connections to SAP HANA database
SAP HANA XS Classic Web Application (XSC)
SAP HANA Cockpit
SAP HANA database Lifecycle Manager (LCM) via SAP Host Agent
SAP HANA XS Advanced Web Applications (XSA)
SAP start service (sapstartsrv)
APPENDIX
Allow TLS v1.2 only for client connections
For SAP HANA database
For SAP HANA XS Advanced (XSA)
Additional information

Typographic Conventions

Type Style        Description

Example Text      Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options.
                  Cross-references to other documentation
Example text      Emphasized words or phrases in body text, graphic titles, and table titles
Example text      File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example text      User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text>    Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
EXAMPLE TEXT      Keys on the keyboard, for example, F2 or ENTER.

Icons

Icon    Description
        Caution
        Important
        Note
        Recommendation or Tip
        Example

SAP HANA supports encrypted communication for all external (client-server) communication and internal communication.
SAP recommends using encrypted communication channels where possible.

The aim of this document is to describe one way of configuring secure communication (TLS/SSL) in typical installation scenarios. The initial scenario described is an SAP HANA system installed on a single host with incoming connections from HANA SQLDBC and HTTP clients for database and administrative access.

BEFORE YOU START

Organizational Requirements

Important
You need profound knowledge of encryption (TLS), certificate management and SAP HANA databases.

Make yourself familiar with the configuration on the SAP HANA side by reading the relevant documentation:

• SAP Note 2487639 - HANA Basic How-To Series - HANA and SSL - MASTER KBA
• SAP HANA Security Guide for SAP HANA Platform > SAP HANA Network and Communication Security
• SAP HANA Security Guide for SAP HANA Platform > Certificate Management in the Database
• SAP HANA Security Guide for SAP HANA Platform > Certificate Management in the File System
• SAP Note 2338952 - CommonCryptoLib 8.5: Configuration Profile Parameters
• SAP Note 3127404 - sapsrv.pse no longer contains a self-signed certificate as of SAP HANA database 2.0 SPS 06

Trust stores

The X.509 client certificates used for securing external communication channels and several user authentication mechanisms can – or in some cases must – be stored and managed in the SAP HANA database.

For more information, see: SAP HANA Security Guide for SAP HANA Platform > Certificate Management in the Database

Certificates stored in the SAP HANA database view SYS.CERTIFICATES are used for trust validation. They are the public-key certificates of trusted communication partners or root certificates from trusted Certification Authorities. In other words, they contain the public part of a user's or component's public and private key pair.
Not all certificates can be stored in the database, in particular the certificates required to secure internal communication channels using the system Public Key Infrastructure (system PKI), and HTTP client access (SAP HANA XS, classic model) using SAP Web Dispatcher. These certificates are contained in Personal Security Environment (PSE) files located in the file system.

Example: Personal Security Environment files used on the SAP HANA server

Server PSE file    Used for communication to the SAP HANA database from
SAPSSLS.pse        SAP HANA XS-Classic clients and the SAP HANA internal Web dispatcher
sapsrv.pse         SAP HANA JDBC, ODBC client
                   SAP Host Agent, SAP HANA Studio

Additional information:

• 2009878 - Purpose of the PSE Files in PSE Management of SAP Web Dispatcher
• SAP HANA Security Guide for SAP HANA Platform > Certificate Management in the File System


Certificates
The SAP HANA database owns a public and private key pair as well as a public-key certificate.
All databases (system database and tenant databases) can have their own key pair and public key certificate. In distributed SAP HANA systems, every host must have its own key pair and public key certificate.

The SAP HANA database uses its private/own certificate to validate public keys provided by clients.
By default, the HANA server does not validate the client certificates. You can enable validation of the client's identity on the server by changing the parameter [communication] sslValidateCertificate in the global.ini file to true.

For further information see: SAP HANA Security Guide for SAP HANA Platform
> Server-Side TLS/SSL Configuration Properties for External Communication (JDBC/ODBC)
> TLS/SSL Configuration on the SAP HANA Server

Crypto Library
SAP HANA uses the CommonCryptoLib installed with the database.

Note
OpenSSL is deprecated. If you are still using OpenSSL, please migrate to CommonCryptoLib (SAP Note 2093286).

Tools to create server certificates
You can use the tools provided with OpenSSL to create server certificates.

If you are using CommonCryptoLib, you can also use the SAP Webdispatcher administration tool or the SAPGENPSE tool, both of which are delivered with SAP HANA.

sapgenpse


Use the sapgenpse tool in combination with the CommonCryptoLib. Both are delivered with your SAP HANA installation (default location: /usr/sap/<sid>/HDB<instance>/exe)

For more information, see: SAP HANA Security Guide for SAP HANA Platform > TLS/SSL Configuration on the SAP HANA Server

sapgenpse shows its version, the version of CommonCryptoLib, as well as the environment variable $SECUDIR.

Log on to the SAP HANA host as <sid>adm and execute

> sapgenpse
...
Loaded CommonCryptoLib from sapgenpse folder
"/usr/sap/AUS/HDB09/exe/libsapcrypto.so"
Platform: linux-gcc-4.3-x86-64 (linux-gcc-4.3-x86-64)
Versions: SAPGENPSE 8.5.40 (Aug 26 2021)
CommonCryptoLib 8.5.40 (Aug 26 2021) [AES-NI,CLMUL,SSE3,SSSE3]
Build change list: 244259
USER="<sid>adm"
Environment variable $SECUDIR is defined:
"/usr/sap/<SID>/HDB<INSTANCE>/<hostname>/sec"

The parameter tlsinfo shows information about the properties of the cipher suites.
> sapgenpse tlsinfo <configured TLS Cipher Suites>

Example:
> sapgenpse tlsinfo PFS:HIGH::EC_HIGH:+EC_OPT
Running in server mode
Configured protocol versions:
TLSv1.0, TLSv1.1, TLSv1.2
Enabled cipher suites:
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA
...

By default, the SAP HANA system uses the cipher suites defined in:

global.ini
[communication]
sslciphersuites=PFS:HIGH::EC_HIGH:+EC_OPT

Important
Always use TLSv1.2 or higher, since TLSv1.0 and TLSv1.1 are insecure.

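The following shell function is an added example, not part of the original SAP guide: it reads sapgenpse tlsinfo output in the layout shown above and reports every configured protocol version below TLSv1.2. Reporting cipher suites without an AEAD mode is an assumption of this example, and sample_tlsinfo and audit_tlsinfo are names chosen here.

```shell
#!/bin/sh
# Added example: audit the output of `sapgenpse tlsinfo`.

# Constructed sample: the tlsinfo output printed in this guide, without the "..." line.
sample_tlsinfo() {
cat <<'EOF'
Running in server mode
Configured protocol versions:
TLSv1.0, TLSv1.1, TLSv1.2
Enabled cipher suites:
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA
EOF
}

# audit_tlsinfo: read tlsinfo output on stdin and print one finding per line.
#   PROTOCOL <version>  configured version below TLSv1.2 (called insecure in the guide)
#   CIPHER <suite>      enabled suite without an AEAD mode (assumption of this example)
# Exit status: 0 = no findings, 1 = findings, 2 = no protocol section in the input.
audit_tlsinfo() {
  awk '
    /^[ \t]*Configured protocol versions:/ { section = "proto"; seen = 1; next }
    /^[ \t]*Enabled cipher suites:/        { section = "cipher"; next }
    section == "proto" && NF {
      # The version list is comma separated and may span several lines.
      n = split($0, v, /[ \t,]+/)
      for (i = 1; i <= n; i++)
        if (v[i] ~ /^(SSLv[0-9.]+|TLSv1(\.[01])?)$/) { print "PROTOCOL " v[i]; bad = 1 }
      next
    }
    section == "cipher" && $1 ~ /^TLS_/ {
      if ($1 !~ /_(GCM|CCM|CHACHA20)/) { print "CIPHER " $1; bad = 1 }
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
  '
}

# On a HANA host: sapgenpse tlsinfo <configured TLS Cipher Suites> | sh audit_tlsinfo.sh -
if [ "${1:-}" = "-" ]; then
  audit_tlsinfo
fi
```
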
SAP HANA Web Dispatcher Admin tool

The SAP HANA Web Dispatcher Administration tool based on XS Classic provides a simple way to configure TLS. It is available on the SAP HANA XS Web server at the following URL:

http://<WebServerHost>:80<SAPHANAinstance>/sap/hana/xs/wdisp/admin/

For more information about the SAP Web Dispatcher administration tool, see:

• SAP HANA Administration Guide for SAP HANA Platform > Configure HTTPS (SSL) for Client Application Access
• SAP Note 2009483 - PSE Management in Web Administration Interface of SAP Web Dispatcher
• SAP Note 2502174 - HANA Basic How-To Series - Securing HANA XS classic via SSL / HTTPS - using Web Dispatcher Administration and pse container (Microsoft CA edition) - SYSTEMDB

CREATE THE PERSONAL SECURE STORE (PSE) FILE


Create the server's public and private key pair in addition to the public-key certificate.

Refer to the comprehensive documentation in:

• SAP HANA Security Guide for SAP HANA Platform > TLS/SSL Configuration on the SAP HANA Server

This step is required for file-based and in-database certificate store configuration.

1. Log on to the SAP HANA host as <sid>adm.

2. Always use Fully Qualified Domain Names (FQDN) for the host.

3. Create a new PSE file and a public and private key pair, as well as the public-key certificate and a certification request file.

> sapgenpse gen_pse -v -s 2048 -p cert.pse -r cert.csr -k GN-dNSName:<hostname with FQDN> "CN=<hostname with FQDN>, O=<your organization>, C=<your country>"

-v             verbose output
-s <size>      key size in Bits (default=alg-specific, rsa=DEFAULT_RSA_KEYSIZE, dsa=DEFAULT_DSA_KEYSIZE).
-p <pse-file>  path and name for (new) PSE file
-r <req-file>  path and name for PKCS#10 certificate signing request file
-k <name>      Add Subject Alternative Names to the certification request. Repeat the -k option for every FQDN of the host.

Important
Unless you are using SAPGENPSE, do not password protect the keystore file cert.pse that contains the server's private key. When using the SAP Web Dispatcher administration tool to create a personal security environment (PSE) for the server, do not specify a PIN.

As a result, you will get two files:

• The public certificate of the host in the Personal Secure Stores file cert.pse
• The certificate signing request in file cert.csr

4. Sign the certificate signing request in file cert.csr with a trusted Certificate Authority (CA).

If available, choose PKCS #7 as the output format (as this will include all CA certificates).

5. Copy the content to a new file on the server, e.g., signed_cert.p7b.

6. Import the signed certificate in file signed_cert.p7b into the server PSE file by executing:

> sapgenpse import_own_cert -p cert.pse -c signed_cert.p7b

7. As a result, you now have a file containing the signed certificates in the PSE store named cert.pse which is your template for various clients.

Note
If the signed certificate file signed_cert.p7b does not contain the CA certificates you need to import them from a separate file using option -r of sapgenpse:

> sapgenpse import_own_cert -p cert.pse -c signed_cert.p7b -r <additional file containing RootCA certificate(s)>

CLIENT CONFIGURATION

Depending on the scenario of the SAP HANA client usage, the newly created PSEs have to be properly named and placed.

For more information, see: SAP HANA Developer's Information Atlas > SAP HANA Custom Application-Development Scenarios

Database clients that connect via SQL interface to the SAP HANA system

These clients are:
• SAP HANA JDBC client, e.g., NetWeaver JAVA, SAP HANA Studio
• SAP HANA SQLDBC client, e.g., NetWeaver ABAP and its derivatives ODBC, ADO.NET, MDX, Python API

SAP HANA clients like JDBC, ODBC, SQLDBC

These connections use the sapsrv.pse trust store on the SAP HANA system.

1. Log on to the SAP HANA host as <sid>adm.

2. Copy the PSE file cert.pse, which you created in the previous chapter, to folder:
$SECUDIR (default = /usr/sap/<SID>/HDB<instance-no>/<host>/sec)

3. Rename the existing sapsrv.pse file to .old:

> mv $SECUDIR/sapsrv.pse $SECUDIR/sapsrv.pse.old

4. Make the new cert.pse the trust store by renaming it:

> mv $SECUDIR/cert.pse $SECUDIR/sapsrv.pse

5. Restart the SAP HANA system.

NetWeaver ABAP connection to SAP HANA database

Please refer to the NetWeaver documentation and corresponding SAP notes about where to place the trust store file cert.pse which you created in the previous chapter.

Refer to the comprehensive documentation in:

• Transport Layer Security on the AS ABAP > Configuring SAP NetWeaver AS for ABAP to Support TLS
• 2475246 - How to configure HANA DB connections using SSL from ABAP instance

Useful SAP Notes:

• 1761693 - Additional CONNECT options for SAP HANA
• 2843930 - Appl.Server can't connect to HANA Database using encryption using $(SECUDIR)
• 2846403 - ERROR Connection failed ... Cannot create SSL context: ... The PSE file does not exist
• 2919754 - In-Database SSL/TLS Certificate Management for Specific Host Names Still Requires the Default PSE Store in File sapsrv.pse

SAP HANA ODBC client connections to SAP HANA database

Add the public-key certificate of the SAP HANA server or the root certificate to the trust store which is used by the HANA ODBC client.

Set the relevant connection properties for secure communication to the server:

• SAP HANA Security Guide for SAP HANA Platform > Client-Side TLS/SSL Connection Properties (ODBC)
• SAP HANA Client Interface Programming Reference > Connect to SAP HANA via ODBC

SAP HANA studio connections to SAP HANA database

Refer to the comprehensive documentation in:

• SAP HANA Administration with SAP HANA Studio > Configure TLS/SSL for SAP HANA Studio Connections
• 2487698 - HANA Basic How-To Series - HANA and SSL - establishing a secured JDBC connection using HANA Studio

SAP HANA XS Classic Web Application (XSC)

Port 43xx (HTTPS)

Refer to the comprehensive documentation in:

• SAP HANA Administration Guide for SAP HANA Platform
> Configure HTTPS (SSL) for Client Application Access
> Configure HTTP(S) Access to Tenant Databases via SAP HANA XS Classic

• SAP Note 2502174 - HANA Basic How-To Series - Securing HANA XS classic via SSL / HTTPS - using Web Dispatcher Administration and pse container (Microsoft CA edition) - SYSTEMDB

SAP HANA XS-Classic applications and SAP HANA internal Web Dispatcher use the SAPSSLS.pse trust store on the SAP HANA host:

1. Log on to the SAP HANA host as <sid>adm.

2. Copy the PSE file cert.pse, which you created in the previous chapter, to folder:
$SECUDIR (default = /usr/sap/<SID>/HDB<instance-no>/<host>/sec)

3. Rename the existing SAPSSLS.pse file to .old:

> mv $SECUDIR/SAPSSLS.pse $SECUDIR/SAPSSLS.pse.old

4. Make the new cert.pse the trust store by renaming it:

> mv $SECUDIR/cert.pse $SECUDIR/SAPSSLS.pse

5. Restart the SAP HANA internal Web Dispatcher or the HANA system

SAP HANA Cockpit

Refer to the comprehensive documentation in:

• SAP HANA Administration with SAP HANA Cockpit > Security Considerations for SAP HANA Cockpit
• 2631903 - HANA Basic How-To Series - Securing HANA 2.0 Cockpit (or WebIDE) running on XSA via SSL / HTTPS (EXAMPLE: Microsoft CA edition)

SAP HANA database Lifecycle Manager (LCM) via SAP Host Agent

Port 1129

Refer to the comprehensive documentation in:

• SAP Host Agent > SSL Configuration for the SAP Host Agent

Use the trust store SAPSSLS.pse of the SAP Host Agent.

Do not password protect the SAPSSLS.pse file.

1. Log on to the host where the SAP Host Agent is installed as user root.

2. Copy the PSE file cert.pse, which you created in the previous chapter, to folder:
$SECUDIR (default = /usr/sap/hostctrl/exe/sec)

3. Rename the existing SAPSSLS.pse file to .old:

> mv $SECUDIR/SAPSSLS.pse $SECUDIR/SAPSSLS.pse.old

4. Make the new cert.pse the trust store by renaming it:

> mv $SECUDIR/cert.pse $SECUDIR/SAPSSLS.pse

5. Delete an existing file cred_v2.

6. Restart the SAP Host Agent:

> /usr/sap/hostctrl/exe/hostexecstart -restart

Further source of information:

• Blog: SSL Configuration of the SAP Host Agent
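The copy and rename steps used above for sapsrv.pse (JDBC, ODBC, SQLDBC) and SAPSSLS.pse (XS Classic and SAP Host Agent) can be wrapped in one guarded function; this is an added example, not part of the original SAP guide. The name install_pse, the rollback and the chmod 600 are assumptions of this example.

```shell
#!/bin/sh
# Added example: make cert.pse the active trust store without leaving the
# service with no PSE at all if one of the renames fails.

# install_pse SECUDIR TARGET
#   SECUDIR  directory that already holds the new cert.pse (step 2 of the procedures)
#   TARGET   sapsrv.pse or SAPSSLS.pse
# Exit status: 0 installed, 2 bad arguments or missing cert.pse,
#              3 backup failed, 4 rename failed (previous store restored).
install_pse() (
  secudir=$1
  target=$2
  src="$secudir/cert.pse"
  dst="$secudir/$target"

  case "$target" in
    sapsrv.pse|SAPSSLS.pse) ;;
    *) echo "unsupported trust store name: $target" >&2; exit 2 ;;
  esac

  # Do not touch the active trust store unless the new PSE is really there.
  [ -s "$src" ] || { echo "missing or empty: $src" >&2; exit 2; }

  had_old=0
  if [ -e "$dst" ]; then
    # Step 3: keep the previous store as <name>.old
    mv -f "$dst" "$dst.old" || exit 3
    had_old=1
  fi

  # Step 4: the new PSE becomes the trust store
  if ! mv "$src" "$dst"; then
    # Roll back so that the service still finds its previous PSE on restart.
    if [ "$had_old" -eq 1 ]; then mv -f "$dst.old" "$dst"; fi
    exit 4
  fi

  # The PSE is not password protected, so file permissions are the only
  # protection of the private key. chmod 600 is an addition of this example.
  chmod 600 "$dst"
)

# Usage: sh install_pse.sh "$SECUDIR" sapsrv.pse
if [ "$#" -eq 2 ]; then
  install_pse "$1" "$2"
fi
```

Restarting the service, and deleting cred_v2 for the SAP Host Agent, remain manual steps as described above.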

SAP HANA XS Advanced Web Applications (XSA)

These connections use the certificates deployed to the default domain (default entry point to all applications and services via the Platform Router).

Note
The ports used depend on XSA routing mode as described in:

• SAP HANA Administration Guide for SAP HANA Platform > Maintaining Application Routes in XS Advanced
• 2245631 - Routing Mode and Default Domain configuration for SAP HANA extended application services, advanced model

XSA requires the certificate in PEM format. Therefore, you must convert your certificate:

1. Log on to the SAP HANA host as <sid>adm.

2. Convert the cert.pse, which you created in the previous chapter, into PEM format:

a) Export the keys in PKCS#12 transfer format:

sapgenpse export_p12 -p sapsrv.pse sapsrv.p12

b) Create a certificate file:

openssl pkcs12 -nodes -nokeys -in sapsrv.p12 -out sapsrv.pem

3. Install the PEM file in XSA as described in:

SAP HANA Administration Guide for SAP HANA Platform > Maintaining Trust Certificates in XS Advanced

Additional information:
• Blog: Upgrading HANA XSA & WebIDE + SSL Configuration

SAP start service (sapstartsrv)

Port 5xx14

These connections can be configured to use the SAPSSLS.pse trust store of the SAP HANA host.

1. Log on to the host as <sid>adm.

2. Edit the sapstartsrv instance profile file:
/hana/shared/<SID>/profile/<SID>_HDB<instance-no>_<host>

3. Search for the line starting with SECUDIR:
SECUDIR = $(SAP_RETRIEVAL_PATH)/sec

4. Add underneath the SECUDIR line:
ssl/server_pse=$(SAP_RETRIEVAL_PATH)/sec/SAPSSLS.pse

This is required as by default sapstartsrv searches for SAPSSLS.pse in path:

/usr/sap/<SID>/<Instance>/sec

5. Restart the sapstartsrv service:

> sapcontrol -nr <instance-no> -function RestartService

Additional information:
• Blog: SAP HANA Under The Hood – SAPInit and SAPStartSrv

APPENDIX

Allow TLS v1.2 only for client connections

You want to prohibit the usage of all TLS versions below TLS v1.2 for connections to the SAP HANA system.

For SAP HANA database

• JDBC/ODBC connections to the HANA DB as described in SAP HANA Security Guide for SAP HANA Platform > Server-Side TLS/SSL Configuration Properties for External Communication (JDBC/ODBC)
• XS-Classic: It is not possible to directly restrict the TLS version accepted from XS-Classic. This must be done via the Web Dispatcher.
• Web Dispatcher: The parameter mentioned in SAP Note 2829919 also applies to the internal SAP HANA Web Dispatcher:
  global.ini [communication] sslminprotocolversion = TLS12
• 2829919 - How to enable TLS 1.2 for all Hana ports
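
As an added example (not part of the original SAP guide), the function below checks the [communication] section of a global.ini file for the three parameters this guide mentions: sslminprotocolversion, sslValidateCertificate and sslciphersuites. The function names, the sample files and the case-insensitive key comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the TLS-related [communication] parameters of a global.ini file.

# audit_global_ini FILE
#   FAIL  sslminprotocolversion is missing or below TLS12
#   OK    parameter has the value this guide recommends or describes
#   INFO  value reported for review (sslciphersuites can be fed to `sapgenpse tlsinfo`)
# Exit status: 0 = minimum protocol version is TLS12 or higher, 1 = it is not.
audit_global_ini() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }

    /^[ \t\r]*$/    { next }                             # blank lines
    /^[ \t]*[#;]/   { next }                             # comment lines
    /^[ \t]*\[/     { sec = tolower(trim($0)); next }    # section header

    # Only keys inside [communication] count; the same key elsewhere is ignored.
    sec == "[communication]" && (p = index($0, "=")) {
      val[tolower(trim(substr($0, 1, p - 1)))] = trim(substr($0, p + 1))
    }

    END {
      # The guide sets TLS12. A higher value of the same form is accepted on the
      # assumption that it follows the same naming.
      k = "sslminprotocolversion"; v = toupper(val[k])
      if (v ~ /^TLS1[0-9]$/ && substr(v, 4) + 0 >= 12) {
        print "OK " k "=" v
      } else {
        print "FAIL " k "=" (v == "" ? "<not set>" : v)
        bad = 1
      }

      # Without this parameter set to true the server does not validate client certificates.
      k = "sslvalidatecertificate"; v = tolower(val[k])
      lvl = (v == "true") ? "OK" : "INFO"
      print lvl " " k "=" (v == "" ? "<not set>" : v)

      k = "sslciphersuites"; v = val[k]
      print "INFO " k "=" (v == "" ? "<not set>" : v)

      exit (bad ? 1 : 0)
    }
  ' "$1"
}

# Constructed sample files (not real system files) for trying the function out.
write_samples() {
  sample_dir=$1
  cat > "$sample_dir/hardened.ini" <<'EOF'
[communication]
sslciphersuites=PFS:HIGH::EC_HIGH:+EC_OPT
sslminprotocolversion =TLS12
sslValidateCertificate = true
EOF
  cat > "$sample_dir/default.ini" <<'EOF'
# parameter placed in the wrong section: it has no effect on [communication]
[persistence]
sslminprotocolversion = TLS12
[communication]
sslciphersuites=PFS:HIGH::EC_HIGH:+EC_OPT
EOF
}

# Usage: sh audit_global_ini.sh <path to global.ini>
if [ -n "${1:-}" ]; then
  audit_global_ini "$1"
fi
```
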

For SAP HANA XS Advanced (XSA)

• 2852432 - How to disable TLS 1.0 and 1.1 on HANA XSA?
• 510007 - Additional considerations for setting up SSL on Application Server ABAP

Additional information

Blogs:

• HANA secure network communication – part I
• HANA secure network communication – part II

www.sap.com/contactsap

©2021 SAP SE or an SAP affiliate company. All rights reserved.


No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable
for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality
mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are
all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation
to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are
cautioned not to place undue reliance on these forward-looking statements, and they should not be relied upon in making purchasing decisions.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other
countries. All other product and service names mentioned are the trademarks of their respective companies. See www.sap.com/trademark for additional trademark information and notices.
