Skip to main content

Communication via HTTPS

Set up secure communication between SAP S/4HANA and aqilink. This chapter outlines the steps required to import the certificate from the aqilink web server into SAP and configure the SAP Content Repositories to use HTTPS instead of HTTP for communication. Setting up HTTPS communication is independent of the content repository type used.

info

Importing the certificate into SAP requires an SAP dialog user with access to transaction STRUST.

Topics Not Covered in This Chapter

  • The configuration of the SSL connection on the web server where aqilink is installed.
  • The installation and configuration of the SSL connection on the connected repository.
  • The creation of the certificate itself.

Get the Current Certificate

The certificate used by the aqilink web server must be recognized and imported into SAP. To retrieve and export the certificate from the web server, follow these steps:

  1. Open a browser and navigate to the web server where aqilink is running. The default port is 3000, but if you changed it (Refer to Parameter port in the app.yaml), use the port number specified in your setup. Next, click the lock icon next to the URL to view the site information.

    Example
    https://localhost:3000

Access aqilink

  1. View the details of the currently installed certificate and export it. In Google Chrome, click on Connection is secure, then on Certificate is valid, and switch to the Details tab to find the export button. Save the certificate to the local machine using the file extension .pem.

Export certificate

Prepare SAP Content Repository for HTTPS

To prepare the SAP Content Repository for a secure connection, follow these steps:

  1. Login to SAP and open transaction OAC0.

  2. Choose the desired SAP Content Repository.

  3. If the HTTPS on frontend and HTTPS on backend fields are not visible at the bottom of the screen (refer to screenhot below), proceed with the following step:

    3.1) Enter %https (including the percent sign) in the transaction code field to display the necessary HTTPS related settings. The fields should now appear:

  4. Now, with the both fields visible, change the following (refer to screenshot below):

    • Port Number - remove the value in this field!
    • SSL Port Number - enter 3000 as default or the port configured in your setup (Refer to Parameter port in the app.yaml).
      warning

      Ensure that only the SSL Port Number is set and that the regular Port Number is removed; if both are present, the connection will fail.

    • HTTPS on frontend: Choose HTTPS required from the dropdown.
    • HTTPs on backend: Choose HTTPS required from the dropdown.

SAP Repo Setup

  1. Save the settings for the SAP Content Repository.
  2. Attempt to test the connection to the SAP Content Repository or retrieve information from it by clicking one of the related buttons. Any connection test will now result in a failure with the following error:

SAP Repo Setup Ping

info

To enable the SSL connection, the certificate exported in the previous step must be recognized by SAP. Therefore, it needs to be imported into SAP. Refer to the next section.

Import Certificate in SAP Personal Security Environment (PSE)

To import the certificate, as described in the section above into the SAP Personal Security Environment (PSE), follow these steps:

  1. In SAP, execute transaction STRUST.
  2. Verify if an SSL Client (Standard) PSE exists and access it by double-clicking.

If an SSL Client (Standard) PSE is not available, select the SSL Client (Standard) entry and use the context menu to create a new Personal Security Environment. Apply the default settings where applicable.

SAP STRUST 1

  1. Switch to Edit mode, then navigate to the Certificate section.
  2. Click on the Import certificate button.

SAP STRUST 2

  1. Use the file chooser to select the previously saved .pem file from the certificate export section using the File chooser. The certificate now appears with all its details.
  2. Click on Add to Certificate List to add the certificate to the Certificate list.

SAP STRUST 3

  1. The certificate from the aqilink web server is now listed among the trusted certificates. Confirm its presence by looking through the list of certificates. Remember, the list has not been saved yet!

SAP STRUST 4

  1. Finally click on Save to persist the new certificate in SAP. The message in the bottom line of the SAP GUI should read as follows:

SAP STRUST 5

  1. To verify the SSL connection, go back to the SAP Content Repository Administration of the related Content Repository (t-code OAC0) and test the connection again. The SSL handshake error regarding untrusted certificate is now gone and the connection through HTTPS works fine:

SAP Repo Setup Ping Success

The communication via HTTPS between SAP and the aqilink web server is now established.