Let’s Encrypt [Part III]

Let’s Encrypt [Part III]

Using “Let’s Encrypt” certificates with SAP/HANA web dispatcher and XSA on an Azure deployment for SSL communication.

_____________________________________________________________________________________________________________________________

In the previous article, I explained how I installed ‘Let’s Encrypt’ certificate for SSL communication in our SAP/HANA environment. Here I will go deeper into how I did a similar setup on our SAP/BW4HANA.

If we look at the SAP/BW4HANA installation we have a similar setup as for SAP/HANA with that difference that we only need to generate SAPSLSS.pse file. This means that we also have to install the acme tool on the BW4HANA machine. (see the previous article for more information on this).

So the script is very familiar to the previous one and should be executable by the SAP BW4HANA system user.

 width=

Now that we have a signed SAPSLSS.pse file, it has to be uploaded to STRUST database under the SSL Server Standard.

 width=

To automate this process. The first thing to do is to define a system command in the BW4 system. Using the GUI startup transaction SM69 and start the creation of a new command.

 width=

Give the command a unique name and provide the script to be executed. Note that the execution of the script will be done by the Linux OS user created during the sap installation. This user should have execution rights on the script on OS level.

 width=

Next, I created an ABAP that will do two things. The first thing the program does is execute the script so that the SAPSLSS.pse file is created on the server.

 width=

Next, the program will load the SAPSLSS.pse generated file into the STRUST database.

 width=

Once the program has run, the changed certificate should be visible in STRUST.

 width=

With the program in place. It can now be scheduled to run regularly using the transaction SM37. I scheduled the program to run on a monthly basis.

 width=

With everything in place, you should have a trusted lock sign when accessing the BW4HANA through a browser.

 width=

Hope this information was useful for automating certificate renewal on SAP/HANA and BW4HANA.

Blog by Pascal De Poorter