Wednesday, 26 October 2016

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

Out of the box, the HANA Cloud Connector (SCC) is not secure, as clearly documented by the General Security Status:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

As mentioned in the General Security Status, the out of the box SSL certificate does not use the host name as its common name (CN) and is therefore not trusted:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

It is still possible to work with the SCC in this state via a browser security exception, but I will show how to properly secure the connection.

First I crate a Certificate Signing Request (CSR) with the correct hostname as CN:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

And save it as a file:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

I then import this file into TinyCA:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

And check that the details are correct:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

Next, I sign the request:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

And export the resulting certificate to file:


After importing it into my SCC:

SAP HANA Certifications

I restart my SCC and the connection becomes secure:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

Given that my CA certificate had already been imported into my browser:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

And of course I also get my green light for the UI Certificate in the General Security Status:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

Source: scn.sap.com

1 comment: