Cause:
AP HANA 2.0 Cockpit is based on SAP HANA XS Advanced (XSA) which handles certificates a bit different than the former XS classic implementation.
The XSA SSL certification is sometimes overwritten with a new installation/update.
Solution:
You need to bundle the certificate chain and import it to the XSA cert path.
Export certificates for XSA
sapgenpse export_p12 -p cockpithttps.pse -C 0 cockpithttps.p12
Export private key, certificate and CA chain & combine certificate and CA chain into 1 file.
- openssl pkcs12 -in cockpithttps.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > privatekey.key
- openssl pkcs12 -in cockpithttps.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem
- openssl pkcs12 -in cockpithttps.p12 -cacerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cachain.pem
- cat certificate.pem cachain.pem > combinedcerts.pem
- openssl pkcs8 -topk8 -in privatekey.key -out private_pkcs8.key -nocrypt
Implement private key and combined certificate file to XSA
1. xs set-certificate <DOMAIN> -c combinedcerts.pem -k private_pkcs8.key
2. XSA restart
(( Get the domain from commands : xs domains ))
Opening the Cockpit URL should now change to new SSL Certs
Cool Post.
ReplyDeleteSAP Training in Chennai
SAP ABAP Training in Chennai
SAP FICO Training in Chennai
SAP MM Training in Chennai
SAP SD Training in Chennai