Communication via HTTPS
Set up secure communication between SAP S/4HANA and aqilink. This chapter outlines the steps required to import the certificate from the aqilink web server into SAP and configure the SAP Content Repositories to use HTTPS instead of HTTP for communication. Setting up HTTPS communication is independent of the content repository type used.
Importing the certificate into SAP requires an SAP dialog user with access to transaction STRUST.
Topics Not Covered in This Chapter
- The configuration of the SSL connection on the web server where aqilink is installed.
- The installation and configuration of the SSL connection on the connected repository.
- The creation of the certificate itself.
Get the Current Certificate
The certificate used by the aqilink web server must be recognized and imported into SAP. To retrieve and export the certificate from the web server, follow these steps:
- Open a browser and navigate to the web server where aqilink is running. The default port is 3000, but if you changed it (refer to parameter port in the app.yaml), use the port number specified in your setup. Next, click the lock icon next to the URL to view the site information. Example: https://localhost:3000
- View the details of the currently installed certificate and export it. In Google Chrome, click on Connection is secure, then on Certificate is valid, and switch to the Details tab to find the export button. Save the certificate to the local machine using the file extension .pem.
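Before importing the exported file into a trust store, it is worth confirming that it contains the certificate the server actually presents and nothing else. The following is an added example, not part of the aqilink documentation: the function names and the sample data are assumptions made for illustration, and the sample is constructed placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import re
import ssl

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Constructed sample: placeholder bytes in a PEM wrapper, not a real certificate.
SAMPLE_DER = b"constructed-sample-bytes-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def pem_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM export.

    Raises ValueError if the text holds a private key or no certificate,
    both of which mean the wrong object was exported.
    """
    prints = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:
            raise ValueError("private key found; export the certificate only")
        if label != "CERTIFICATE":
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    if not prints:
        raise ValueError("no PEM certificate block found")
    return prints


def matches_server(pem_text, host, port=3000):
    """True if the first exported certificate is the one the server presents.

    Needs network access to the aqilink web server; no chain validation is
    done here, only a byte-for-byte comparison via the fingerprint.
    """
    live_pem = ssl.get_server_certificate((host, port))
    return pem_fingerprints(live_pem)[0] == pem_fingerprints(pem_text)[0]


if __name__ == "__main__":
    print(pem_fingerprints(SAMPLE_PEM))
```

The fingerprint returned for the exported file can also be compared by eye with the SHA-256 fingerprint shown in the browser's certificate details.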
Prepare SAP Content Repository for HTTPS
To prepare the SAP Content Repository for a secure connection, follow these steps:
- Log in to SAP and open transaction OAC0.
- Choose the desired SAP Content Repository.
- If the HTTPS on frontend and HTTPS on backend fields are not visible at the bottom of the screen (refer to screenshot below), proceed with the following step:
  3.1) Enter %https (including the percent sign) in the transaction code field to display the necessary HTTPS-related settings. The fields should now appear:
- Now, with both fields visible, change the following (refer to screenshot below):
  - Port Number: remove the value in this field!
  - SSL Port Number: enter 3000 as default or the port configured in your setup (refer to parameter port in the app.yaml).
  Warning: Ensure that only the SSL Port Number is set and that the regular Port Number is removed; if both are present, the connection will fail.
  - HTTPS on frontend: Choose HTTPS required from the dropdown.
  - HTTPS on backend: Choose HTTPS required from the dropdown.
- Save the settings for the SAP Content Repository.
- Attempt to test the connection to the SAP Content Repository or retrieve information from it by clicking one of the related buttons. Any connection test will now result in a failure with the following error:
To enable the SSL connection, the certificate exported in the previous step must be recognized by SAP. Therefore, it needs to be imported into SAP. Refer to the next section.
Import Certificate in SAP Personal Security Environment (PSE)
To import the certificate exported in the section above into the SAP Personal Security Environment (PSE), follow these steps:
- In SAP, execute transaction STRUST.
- Verify if an SSL Client (Standard) PSE exists and access it by double-clicking.
  If an SSL Client (Standard) PSE is not available, select the SSL Client (Standard) entry and use the context menu to create a new Personal Security Environment. Apply the default settings where applicable.
- Switch to Edit mode, then navigate to the Certificate section.
- Click on the Import certificate button.
- Use the file chooser to select the previously saved .pem file from the certificate export section. The certificate now appears with all its details.
- Click on Add to Certificate List to add the certificate to the Certificate list.
- The certificate from the aqilink web server is now listed among the trusted certificates. Confirm its presence by looking through the list of certificates. Remember, the list has not been saved yet!
- Finally, click on Save to persist the new certificate in SAP. The message in the bottom line of the SAP GUI should read as follows:
- To verify the SSL connection, go back to the SAP Content Repository Administration of the related Content Repository (t-code OAC0) and test the connection again. The SSL handshake error regarding the untrusted certificate is now gone and the connection through HTTPS works fine:
The communication via HTTPS between SAP and the aqilink web server is now established.