How to enable SSL/TLS support for SAP HANA agent
Article ID: 115863

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Given a certificate in a *.PSE file from SAP for SSL configuration, how should you proceed to configure an SAP HANA agent? As is, the certificate cannot be imported into a Java keystore, nor is it in X.509 standard format.

Without SSL/TLS enabled, SAP HANA jobs fail with the error:
SAP DBTech JDBC:  [4321] :  only secure connections are allowed

How should a secure connection from the SQL agent to SAP HANA be set up?

Environment

Release: AUTWAB99000-12.2-Automic Workload Automation-Base Edition

Resolution

Follow these steps:
1) Import the certificate in *.cer format into the JDK keystore, then restart the DB Service Agent and the SQL HANA Agent.
- A certificate in *.cer format can be created by the SAP authorized team.
- Certificates can also be converted from *.PSE format to *.CER format using the 'sapgenpse' command on your HANA server:
sapgenpse get_pse -p <pse filename>.pse -a sha256WithRsaEncryption -s 2048 -noreq -x <password> "<xxx>"

2) Create an SQL Connection object of type SQL HANA with a connection parameter named 'encrypt' and the value 'true'.
After the certificate import, secure connectivity can be verified manually using the following command from the server:

/opt/uc4/java/jre1.8.0_131/bin/java -jar ngdbc.jar -u <user>,<password> -n <hostname:port> -c "SELECT DATABASE_NAME FROM SYS.M_DATABASES" -o encrypt=true

See also: https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.03/en-US/9ac4e1eedbbc4961bce0db6ad64b3612.html

3) Execute SQL jobs using the created CONN object instead of a login object.
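
The keystore import from step 1, as an added example that is not part of the original article: a shell script that imports the *.cer file into the cacerts truststore of the JRE that runs the agent and confirms the stored SHA-256 fingerprint matches the file. The alias, the store password (the JDK default) and the cacerts locations are assumptions; the JRE path is the one used in the verification command in step 2.

```shell
#!/bin/sh
# Added example, not from the article. Assumed: alias, store password, cacerts layout.
JRE_HOME="${JRE_HOME:-/opt/uc4/java/jre1.8.0_131}"  # JRE used in the article's check
ALIAS="${ALIAS:-sap-hana}"                          # hypothetical alias
STOREPASS="${STOREPASS:-changeit}"                  # JDK default truststore password

# Print the cacerts path for a JRE layout or a JDK 8 layout (jre/ subdirectory).
find_cacerts() {
    for p in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# Read keytool output on stdin and print the SHA-256 fingerprint, if any.
sha256_of() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

main() {
    cert="$1"
    keytool="$JRE_HOME/bin/keytool"
    store=$(find_cacerts "$JRE_HOME") || { echo "no cacerts under $JRE_HOME" >&2; return 1; }

    # A file that is not X.509 (for example a raw *.pse) yields no fingerprint here.
    want=$("$keytool" -printcert -file "$cert" 2>/dev/null | sha256_of)
    [ -n "$want" ] || { echo "$cert is not a readable X.509 certificate" >&2; return 1; }

    # Import only when the alias is absent, so the script can be rerun safely.
    if ! "$keytool" -list -keystore "$store" -storepass "$STOREPASS" \
            -alias "$ALIAS" >/dev/null 2>&1; then
        "$keytool" -importcert -noprompt -trustcacerts -alias "$ALIAS" \
            -file "$cert" -keystore "$store" -storepass "$STOREPASS" || return 1
    fi

    # Compare what the truststore holds under the alias with the file on disk.
    have=$("$keytool" -list -v -keystore "$store" -storepass "$STOREPASS" \
        -alias "$ALIAS" 2>/dev/null | sha256_of)
    if [ "$want" = "$have" ]; then
        echo "OK: $ALIAS in $store matches $cert ($want)"
    else
        echo "MISMATCH: alias $ALIAS holds a different certificate" >&2
        return 1
    fi
}

# Usage: sh import_hana_cert.sh /path/to/hana.cer
if [ "$#" -gt 0 ]; then main "$@"; fi
```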

Additional information about connection objects using Generic JDBC:
https://docs.automic.com/documentation/webhelp/english/AWA/12.1/DOCU/12.1/AWA%20Guides/help.htm#AWA/Objects/obj_Connection_overview.htm#SQL

SAP documentation regarding SSL activation inside the JDBC string (jdbc:sap://::[options]) can be found here: https://www.sap.com/france/developer/tutorials/hxe-connect-hxe-using-jdbc.html
The connection properties are discussed in particular here: https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.02/en-US/109397c2206a4ab2a5386d494f4cf75e.html