You can connect to SAP through HTTPS and read SAP table sources by creating an OpenSSL certificate in the Secure Agent machine, and then importing the created certificate in the PSE format to the SAP system trust store.
To enable HTTPS in an SAP Table connection, you also need to specify the keystore password and private key password of the keystore file that you generate.
Create an OpenSSL certificate
Before you create an OpenSSL certificate, you need to perform the prerequisite tasks.
•Download and install OpenSSL on the Secure Agent machine.
• Based on the operating system of the machine that hosts the Secure Agent and the SAP system, download the latest available patch of the SAPGENPSE Cryptography tool from the SAP Service Marketplace.
Typically, the SAPGENPSE files are extracted to the nt-x86_64 directory.
•Configure the following SAP parameters: icm/server_port, ssl/ssl_lib, sec/libsapsecu, ssf/ssfapi_lib, ssf/name, icm/HTTPS/verify_client, ssl/client_pse, and wdisp/ssl_encrypt. For more information, see the SAP documentation.
To create a self-signed certificate using OpenSSL, perform the following tasks:
1From the command line, set the OPENSSL_CONF variable to the absolute path to the openssl.cfg file.
For example, run the following command: set OPENSSL_CONF= C:\OpenSSL-Win64\bin\openssl.cfg
2Navigate to the <openSSL installation directory>\bin directory.
3To generate a 2048-bit RSA private key, run the following command:
- An export password for the P12 file. Re-enter the password for verification.
Important: Make a note of this export password for the P12 file. You need to keep this password handy while creating a Java keystore file to connect to SAP through HTTPS.
The <P12 File_Name>.p12 file is generated in the specified directory.
11To create a Java keystore file, enter the following command:
- Password for the destination keystore, the JKS file.
Important: Make a note of this password. You need to keep this password handy while creating an SAP Table connection.
- Password for the source keystore, the P12 file. Enter the Export password for the P12 file.
The <JKS File_Name>.jks file is generated in the specified directory.
While enabling HTTPS in an SAP Table connection, specify the name and location of this keystore file. You also need to specify the destination keystore password as the Keystore Password and the source keystore password as the Private Key Password.
Convert an OpenSSL certificate to PSE format
After you create an OpenSSL certificate, you need to convert the OpenSSL certificate to PSE format using the SAPGENPSE tool.
1From the command line, navigate to the <SAPGENPSE Extraction Directory> directory.
2To generate a PSE file, run the following command: