Configuring X.509 Certificate Authentication for an SAP HANA Database Datastore

Administrators can configure X.509 certificate authentication for SAP HANA database source and target datastores.

Prerequisite: Agent version 2203 or higher

You can set up certificate authentication for all HANA database datastore types and for both ODBC- and server-based connections. See SAP HANA Database for information about their options.

A datastore can have both client and server certificate authentication functioning simultaneously, or only one of them as needed.

Server Certificate Authentication

If ODBC is not used, follow these steps to set up server certificate authentication. If ODBC is used, all configuration is done in the HANA ODBC driver.

  1. While creating or modifying an SAP HANA database datastore, set Use SSL encryption to Yes.

  2. Set Validate Server Certificate to Yes.

    Note

    Enter a hostname only when the hostname in the certificate is different than the one from the connection. For example, when the connection is established to the localhost and the certificate contains the actual hostname. Populate this field only if a failure occurs that was caused by a known hostname change.

  3. Enter the certificate keystore file name in Certificate Keystore.

  4. Save your entries.

Client Certificate Authentication

To set up client certificate authentication, perform these steps:

  1. While creating or modifying an SAP HANA database datastore, set Use Client Certificate Authentication to Yes.

    The user name and password in the Credentials section become hidden since authentication will be derived from the client certificate.

  2. Do one of the following:

    • If Use Data Source(ODBC) is set to Yes, configure the keystore location in the ODBC driver on the client side.

    • If Use Data Source(ODBC) is set to No, enter the certificate keystore filename in Certificate Keystore.

  3. Save your entries.