Generating SSL certificates for hana does not update the Cockpit/XS SSL Certificates
Solution:
IF
the normal HANA Certificates and PSE files are already existing you can just
continue with the commands below.
Please keep in mind that the XSA will be automatically restarted at the end and that the HANA Cockpit will therefore be temporarily unavailable.
Please keep in mind that the XSA will be automatically restarted at the end and that the HANA Cockpit will therefore be temporarily unavailable.
Procedure is described in the note 2631903 - HANA Basic
How-To Series - Securing HANA 2.0 Cockpit via SSL / HTTPS (EXAMPLE: Microsoft
CA edition)
Useful commands
cp -p blueprint_sapsrv.pse cockpithttps.pse
sapgenpse export_p12 -p cockpithttps.pse -C 0 cockpithttps.12
mv cockpithttps.12.p12 cockpithttps.p12
openssl pkcs12 -in cockpithttps.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > privatekey.key
openssl pkcs12 -in cockpithttps.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem
openssl pkcs12 -in cockpithttps.p12 -cacerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cachain.pem
cat certificate.pem cachain.pem > combinedcerts.pem
TAKE CARE - XSA WILL BE RESTARTED NOW!!!
XSA set-certificate --cert combinedcerts.pem --key privatekey.key
No comments:
Post a Comment