Cloud Connector System Certificate Trust

To establish a secure connection, the Cloud Connector must identify itself to PCo using the system certificate. PCo always requests a certificate from the Cloud Connector, and PCo must trust the Cloud Connector's system certificate. The system certificate can be self-signed or signed by a certificate authority (CA).

The procedure differs slightly depending on whether the system certificate is self-signed or signed by a CA:

  • Cloud Connector system certificate is self-signed:

    Copy the self-signed certificate to C:\ProgramData\SAP\PCo\CertificateStores\CloudServicesHost\Trusted\certs.

  • Cloud Connector system certificate is signed by a CA:

    In most cases, a signed certificate is signed by an intermediate certificate, which is in turn signed by another intermediate certificate or by a root certificate. In other words, there is a certificate chain of two or more certificates leading from your certificate to the root certificate. The whole certificate chain must be trusted.

    Copy the CA certificate to C:\ProgramData\SAP\PCo\CertificateStores\CloudServicesHost\Trusted\certs.

    Copy all intermediate certificates and the root certificate into C:\ProgramData\SAP\PCo\CertificateStores\CloudServicesHost\Issuer\certs.
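
The following PowerShell helper is an added example, not SAP code. The hypothetical function `Get-PCoTrustPlan` checks whether the system certificate is self-signed and, for a CA-signed certificate, confirms that the supplied intermediate and root files form a complete chain before proposing copies into the two stores named above. It assumes the files are in a format .NET's `X509Certificate2` can load and that, in the CA-signed case, the certificate placed in `Trusted\certs` is the Cloud Connector system certificate itself.

```powershell
# Added example, not SAP code. Certificate paths are the operator's own files.
function Get-PCoTrustPlan {
    param(
        [Parameter(Mandatory)][string]$SystemCertPath,   # Cloud Connector system certificate
        [string[]]$ChainCertPaths = @(),                 # intermediates + root (CA-signed case)
        [string]$StoreRoot = 'C:\ProgramData\SAP\PCo\CertificateStores\CloudServicesHost'
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $load = { param($p) New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $p).ProviderPath }
    $selfSigned = { param($c) [Convert]::ToBase64String($c.SubjectName.RawData) -eq
                              [Convert]::ToBase64String($c.IssuerName.RawData) }
    $trusted = Join-Path $StoreRoot 'Trusted\certs'
    $issuer  = Join-Path $StoreRoot 'Issuer\certs'

    $leaf = & $load $SystemCertPath
    $plan = @([pscustomobject]@{ Source = $SystemCertPath; Destination = $trusted })
    if (& $selfSigned $leaf) { return $plan }            # self-signed: Trusted\certs only

    # CA-signed: build the chain and require every issuer to come from the supplied files.
    $supplied = @{}
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'        # structure check only, no CRL/OCSP
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    foreach ($p in $ChainCertPaths) {
        $c = & $load $p
        $supplied[$c.Thumbprint] = $p
        [void]$chain.ChainPolicy.ExtraStore.Add($c)
    }
    [void]$chain.Build($leaf)
    $bad = @($chain.ChainStatus | Where-Object { $_.Status -ne 'UntrustedRoot' })
    if ($bad.Count) { throw "Chain problem: $($bad.Status -join ', ')" }

    $n = $chain.ChainElements.Count
    if (-not (& $selfSigned $chain.ChainElements[$n - 1].Certificate)) {
        throw 'Chain does not end in a self-signed root certificate.'
    }
    for ($i = 1; $i -lt $n; $i++) {                      # element 0 is the system certificate
        $c = $chain.ChainElements[$i].Certificate
        if (-not $supplied.ContainsKey($c.Thumbprint)) {
            throw "Chain needs '$($c.Subject)', which is not among the supplied files."
        }
        $plan += [pscustomobject]@{ Source = $supplied[$c.Thumbprint]; Destination = $issuer }
    }
    return $plan
}

# Review the plan, then apply it (file names below are constructed placeholders):
# Get-PCoTrustPlan -SystemCertPath .\scc.cer -ChainCertPaths .\intermediate.cer, .\root.cer |
#     ForEach-Object { Copy-Item $_.Source $_.Destination }
```

The function throws on an expired, incomplete, or mismatched chain instead of returning a partial plan, so a missing intermediate is caught before anything is copied into the PCo stores.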

For more information about root and intermediate certificates, see: https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/77a609451dbd46a58991e685c37350d8.html?q=Certificate%20chain