Symptom
How to upload certificates for domains defined in SAP HANA XS advanced.
Other Terms
SAP HANA XS advanced, domains, SSL, https, certificates
Reason and Prerequisites
An installed SAP HANA system including SAP HANA XS advanced is required.
Solution
To use the SAP HANA XS advanced command-line client to upload custom
certificates for your domains, run the following command in a command
shell:
A valid file looks like the following example:
xs set-certificate ‹domain_name› -k ‹path_to_key_file› -c ‹path_to_certificate_chain_file›
To list all configured domains, run the following command:
xs domains
The key file must include an RSA private key in PKCS8 format encoded as PEM. You can use the openssl command-line tool to convert your key into this format. A valid file looks similar to the following example:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCATH/7TC5Clg/
u5tkm3rOTzACw/L3LeAtILOHhiNgtyR6eTpl1rK29P3UqNcYk4HSFjX0LXiqNMnQ
[...]
25dzj6ORaUuA8NoPEGJBzc8oXSDdyYaK+A+frcvoigIWsZTB7T55YrXWOAm9GQPp
wqhpyR2NA0Zdgy6IAQGVAGE=
-----END PRIVATE KEY-----
The certificate-chain file must include the complete
chain of X.509 PEM-encoded certificates, and the order of the
certificates must ensure that a signed certificate is always followed by
the signing certificate. In other words, put the root certificate last.MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCATH/7TC5Clg/
u5tkm3rOTzACw/L3LeAtILOHhiNgtyR6eTpl1rK29P3UqNcYk4HSFjX0LXiqNMnQ
[...]
25dzj6ORaUuA8NoPEGJBzc8oXSDdyYaK+A+frcvoigIWsZTB7T55YrXWOAm9GQPp
wqhpyR2NA0Zdgy6IAQGVAGE=
-----END PRIVATE KEY-----
A valid file looks like the following example:
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIIK6DqUsrMfCswDQYJKoZIhvcNAQELBQAwYDELMAkGA1UE
BhMCREUxCzAJBgNVBAgTAkJXMQ8wDQYDVQQKEwZTQVAgU0UxCzAJBgNVBAsTAlhT
[...]
il8r/0fqwnfGOx2Sr2RrY6aZmjhXQPd2f7WTCcJt+5AL2XYjQ8VlKhoc0v/oA79y
r7ZA/IfhospwPcf0BjU=
-----END CERTIFICATE-----
[...]
-----BEGIN CERTIFICATE-----
MIIDNDCCAhygAwIBAgIJAKTwKtDjwvM1MA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
BAYTAkRFMQswCQYDVQQIEwJCVzEPMA0GA1UEChMGU0FQIFNFMQwwCgYDVQQLEwNY
[...]
fX65om8UUvX9bngDDoqmqtiBNsE/KeXkEM6NRgqWNeZEJfsvioAqntq+fc1/URyD
MFhILyAGwTQ=
-----END CERTIFICATE-----
After deploying the certificate successfully, you must restage and
restart every application, for example, by executing the following
commands:MIIDmjCCAoKgAwIBAgIIK6DqUsrMfCswDQYJKoZIhvcNAQELBQAwYDELMAkGA1UE
BhMCREUxCzAJBgNVBAgTAkJXMQ8wDQYDVQQKEwZTQVAgU0UxCzAJBgNVBAsTAlhT
[...]
il8r/0fqwnfGOx2Sr2RrY6aZmjhXQPd2f7WTCcJt+5AL2XYjQ8VlKhoc0v/oA79y
r7ZA/IfhospwPcf0BjU=
-----END CERTIFICATE-----
[...]
-----BEGIN CERTIFICATE-----
MIIDNDCCAhygAwIBAgIJAKTwKtDjwvM1MA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
BAYTAkRFMQswCQYDVQQIEwJCVzEPMA0GA1UEChMGU0FQIFNFMQwwCgYDVQQLEwNY
[...]
fX65om8UUvX9bngDDoqmqtiBNsE/KeXkEM6NRgqWNeZEJfsvioAqntq+fc1/URyD
MFhILyAGwTQ=
-----END CERTIFICATE-----
xs restage ‹appname›
xs restart ‹appname›
Please note that in SP11 Revision 0 only the certificate of the default domain is automatically shared with the applications.
Header Data
Released On | 27.11.2015 12:21:47 |
Release Status | Released for Customer |
Component | BC-XS XS Engine |
Priority | Recommendations / Additional Info |
Category | Installation information |
No comments:
Post a Comment