To enable SAP HANA applications to use SSL/HTTPS to secure both incoming and outgoing connections, you must maintain the SAP Web Dispatcher profile sapwebdisp.pfl.
Note
The SAP Web Dispatcher referred to here is internal to SAP HANA XS and not the SAP Web Dispatcher included in the SAP Fiori / SAP Smart Business system landscape.
To configure the SAP Web Dispatcher to enable SSL/HTTPS for SAP HANA applications, note the following prerequisites:
You need root/administrator access to the SAP HANA system hosting the SAP Web Dispatcher service.
The SAP encryption library libsapcrypto.so is installed and available.
The trust store utility sapgenpse is available.
The SAP Web Dispatcher trust store (SAPSSL.pse) is available.
You use the SAP Web Dispatcher profile to specify, among other things, the location of the encryption library (libsapcrypt.so) and the SAP Web Dispatcher trust store (SAPSSL.pse).
On the SAP HANA server, open the SAP Web Dispatcher profile in your favorite text editor.
By default, the SAP Web Dispatcher profile sapwebdisp.pfl is located in the following directory:
/usr/sap/<SAPHANAInstance>/HDB<InstNo>/<Hostname>/wdisp/sapwebdisp.pfl
Maintain the following values in the SAP Web Dispatcher profile sapwebdisp.pfl:
Syntax
wdisp/ssl_encrypt = 0 ssl/ssl_lib = /usr/sap/<SAPHANAInstance>/SYS/global/security/lib/libsapcrypto.so ssl/server_pse = SAPSSL.pse icm/HTTPS/verify_client = 1 icm/HTTPS/forward_ccert_as_header = true
Restart the SAP HANA XS engine.
In the SAP HANA studio’s Administrator editor, open the
tab for the SAP HANA system where you want to restart the XS Engine service.Right-click the service and choose the required option:
Stop...
The service is stopped normally and then typically restarted.
Kill...
The service is stopped immediately and then typically restarted.
Reconfigure Service...
The service is reconfigured; any changes made to parameters in the system configuration files are applied.
Restart the SAP Web Dispatcher.
Syntax
sapcontrol -nr <instanceNr> -function SendSignal <pid> <signal>
For example, to restart the SAP Web Dispatcher 00 with the process ID 28155, run the following command:
Syntax
sap control -nr 00 function SendSignal 28155 2
Test HTTPS calls to the SAP HANA Web server.
In a Web browser, call the SAP HANA XS Web server at the following URL: https://<SAPHANA_WebServer_Hostname>:43SAPHANAInstNo>