Connections > SAP Table Connector connection properties > Configure HTTPS to connect to SAP
  

Configure HTTPS to connect to SAP

To connect to SAP through HTTPS and read SAP table sources, you need the OpenSSL certificate in the Secure Agent machine and the SAP system.
Create an OpenSSL certificate in the Secure Agent machine. Then, import the created certificate in the PSE format to the SAP system truststore.
To enable HTTPS in an SAP Table connection, you also need to specify the generated keystore password and private key password of the keystore file in the SAP system from transaction code SAP ICM Monitor (SMICM).

Create an OpenSSL certificate

Before you create an OpenSSL certificate, you need to perform the prerequisite tasks.
To create a self-signed certificate using OpenSSL, perform the following tasks:
  1. 1From the command line, set the OPENSSL_CONF variable to the absolute path to the openssl.cfg file.
  2. For example, run the following command: set OPENSSL_CONF= C:\OpenSSL-Win64\bin\openssl.cfg
  3. 2Navigate to the <openSSL installation directory>\bin directory.
  4. 3To generate a 2048-bit RSA private key, run the following command:
  5. openssl.exe req -new -newkey rsa:2048 -sha1 -keyout <RSAkey File_Name>.key -out <RSAkey File_Name>.csr
  6. 4When prompted, enter the following values:
  7. 5Optionally, enter the following attributes that you want to pass along with the certificate request:
  8. A RSA private key of 2048-bit size is created. The <RSAkey File_Name>.key and <RSAkey File_Name>.csr files are generated in the specified directory.
  9. 6To generate a self-signed key using the RSA private key, run the following command:
  10. openssl x509 -req -days 11499 -in <RSAkey File_Name>.csr -signkey <RSAkey File_Name>.key –out <Certificate File_Name>.crt
  11. 7When prompted, enter the PEM pass phrase for the RSA private key.
  12. The <Certificate File_Name>.crt file is generated in the specified directory.
  13. 8To concatenate the contents of the <Certificate File_Name>.crt file and the <RSAkey File_Name>.key file to a .pem file, perform the following tasks:
    1. aOpen the <Certificate File_Name>.crt file and the <RSAkey File_Name>.key files in a Text editor.
    2. bCreate a file and save it as <PEM File_Name>.pem.
    3. cCopy the contents of the <Certificate File_Name>.crt file and paste it in the .pem file.
    4. dCopy the contents of the <RSAKey_Name>.key file and append it to the existing contents of the .pem file.
    5. eSave the <PEM file name>.pem file.
  14. 9To create a PKCS#12 certificate, run the following command from the command line:
  15. openssl pkcs12 -export -in <PEM File_Name>.pem -out <P12 File_Name>.p12 –name “domain name”
  16. 10When prompted, enter the following details:
  17. The <P12 File_Name>.p12 file is generated in the specified directory.
  18. 11To create a Java keystore file, enter the following command:
  19. keytool -v -importkeystore -srckeystore <P12 File_Name>.p12 -srcstoretype PKCS12 -destkeystore <JKS File_Name>.jks -deststoretype JKS -srcalias "source alias" –destalias "destination alias"
  20. 12When prompted, enter the following details:
  21. The <JKS File_Name>.jks file is generated in the specified directory.
    While enabling HTTPS in an SAP Table connection, specify the name and location of this keystore file. You also need to specify the destination keystore password as the Keystore Password and the source keystore password as the Private Key Password.

Convert an OpenSSL certificate to PSE format

After you create an OpenSSL certificate, you need to convert the OpenSSL certificate to PSE format using the SAPGENPSE tool.
  1. 1From the command line, navigate to the <SAPGENPSE Extraction Directory> directory.
  2. 2To generate a PSE file, run the following command:
  3. sapgenpse import_p12 -p <PSE_Directory>\<PSE File_Name>.pse <P12 Certificate_Directory>\<P12 File_Name>.p12
  4. 3When prompted, enter the following details:
  5. The <PSE File_Name>.pse file is generated in the specified directory.
  6. 4To generate the certificate based on the PSE format, run the following command:
  7. sapgenpse export_own_cert -p <PSE File_Directory>\<PSE File_Name>.pse -o <Certificate_Name>.crt
  8. 5When prompted, enter the PSE PIN number.
  9. The <Certificate_Name>.crt file is generated in the specified directory. Import this certificate file to the SAP system trust store.

Enable the HTTPS service on the SAP system

To configure HTTPS to connect to an SAP system, you need to enable the HTTPS service from the transaction code SAP ICM Monitor (SMICM) in the SAP system
For more information about how to enable the HTTPS service on the SAP system, see the SAP documentation.

Import the certificate to the SAP system trust store

You need to import the certificate in PSE format to the SAP system trust store to connect to SAP through HTTPS.
  1. 1Log in to SAP and go to the STRUST transaction.
  2. 2Select SSL Client (Standard) and specify the password.
  3. In the Import Certificate dialog, you need to select Base64 format as the certificate file format.
  4. 3Click the Import icon, and select the <Certificate_Name>.crt file in PSE format.
  5. Note: If a user is on a different SAP network, you might need to add a DNS entry of the agent host on the SAP app server.
  6. 4Click Add to Certificate List.
  7. 5Restart the Internet Communication Manager (ICM).