Friday 31 May 2019

Generate certificate and add to SAP HANA Certificate Store

Introduction


This blog helps to Generate Certificates and add it to HANA Certificate Store and Configure Certificate Collection while configuration of Principal Propagation to SAP HANA XS on SCP.

Am highlighting a section where we are unable to find the certificates after configuring the Trust in SAML Identity Provider.

To verify the list of certificates installed use the following SQL Command.

SELECT * FROM SYS.CERTIFICATES

If the result is empty. Follow the below steps to generate the Certificates.

Login to HANA Admin Cockpit with SYSTEM user .
Make sure the SYSTEM user contains all Admin System privileges ( like TENANT ADMIN, CERTIFICATE ADMIN etc ).
After login navigate to SAP HANA Certificate Management section. It should look similar to below.  if the “Configure Certificate Collections” count is 0 then it means there is no certificate in it.


SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Generate Certificates


The generated certificate which  will be later imported it to Certificate Store. To do so follow the below steps.

Step 1 – Edit the metadata.xml in notepad++ and the file should look like the below.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 2 – Copy the values highlighted in Yellow .i.e the values between <X509Certificate>  </X509Certificate> html tags.

Step 3 – Create a Certificate(.der) file . Open a notepad and paste it, then add “—–BEGIN CERTIFICATE—–” in the beginning of it and “—–END CERTIFICATE—–” to the end of it . The file should look similar to below.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 4 – Now save the file in .der format. ex:- scpcertficatetrial.der

Step 5 – Import the certificate in “Certificate Store”. See the below image.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 6 – Create a “Certificate Collection” ex:- SCP Certificate.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 7 – Add the Certificate to the Collection.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 8 – Change the Purpose to SAML and save it.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Step 9 – Lets check in the HANA Cockpit. You can see the number of certificates in the cockpit if all the configs are done as described above.

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

Also verify that the certificate of your SCP account metadata has been successfully stored using the following SQL command:

SELECT * FROM SYS.CERTIFICATES

The certificate will be fetched. It should look similar to below:-

SAP HANA Certifications, SAP HANA Guides, SAP HANA Learning, SAP HANA Study Materials

This step concludes the scenario of Certificate Creation and Addition to the Store.

No comments:

Post a Comment