Not in aqishare! Communication via HTTPS
Set up secure communication between SAP and aqilink. This chapter outlines the required steps to import the certificate from the aqilink web server into SAP and configure SAP Content Repositories to use HTTPS instead of HTTP for communication.
What this chapter does not cover
- The configuration of the SSL connection on the web server where aqilink is installed.
- The installation and configuration of the SSL connection on the connected repository.
- The creation of the certificate itself.
Get current Certificate
The certificate utilized by the aqilink web server must be recognized and imported into SAP. To retrieve and export the certificate from the web server, follow these steps:
- Open a browser and navigate to the web server where aqilink is running on port 3000. If you have changed this default port in your Dockerfile or docker-compose.yaml, use the port number specified in your setup. Next, click on the lock icon in front of the URL to view the site information. Example: https://localhost:3000
- View the details of the currently installed certificate and export it. In Google Chrome, click on Connection is secure, then on Certificate is valid, and switch to the Details tab to find the export button. Save the certificate to the local machine using the file extension .pem.
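To confirm that the exported .pem file contains the certificate the aqilink web server actually presents (before importing it into SAP, or later when the server's certificate has been replaced), the two can be compared by SHA-256 fingerprint. This is an added example, not part of the aqilink documentation; the script name check_cert.py and the file name aqilink.pem are assumptions.

```python
"""Compare an exported .pem file with the certificate a server presents."""
import base64
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate block in a PEM text.
    A browser export may hold one certificate or a whole chain."""
    ders = [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(pem_text)]
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders


def sha256_fingerprint(der):
    """SHA-256 over the DER encoding, formatted as AA:BB:CC:..."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_served_pem(host, port=3000):
    """Fetch the leaf certificate the server presents. No validation is
    done here, because the certificate is not trusted yet."""
    return ssl.get_server_certificate((host, port))


def exported_matches_served(exported_pem, served_pem):
    """True if the served leaf certificate is among those in the export."""
    served = sha256_fingerprint(pem_to_der_list(served_pem)[0])
    exported = {sha256_fingerprint(d) for d in pem_to_der_list(exported_pem)}
    return served in exported


if __name__ == "__main__":
    # Usage (assumed names): python check_cert.py aqilink.pem localhost 3000
    path, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(path, encoding="ascii") as fh:
        exported = fh.read()
    served = fetch_served_pem(host, port)
    print("served  :", sha256_fingerprint(pem_to_der_list(served)[0]))
    for der in pem_to_der_list(exported):
        print("exported:", sha256_fingerprint(der))
    sys.exit(0 if exported_matches_served(exported, served) else 1)
```

The printed fingerprints can also be compared by eye with the SHA-256 fingerprint the browser shows in its certificate details.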
Prepare SAP Content Repository for HTTPS
To prepare the SAP Content Repository for a secure connection, follow these steps:
- Open transaction OAC0.
- Choose the desired SAP Content Repository.
- Enter %https (including the percent sign) in the transaction code field to display the necessary HTTPS related settings. Once the fields appear:
  - Clear the value for Port Number.
  - Enter the SSL Port Number.
  - Choose HTTPS required as value for HTTPS on frontend.
  - Choose HTTPS required as value for HTTPS on backend.

!> Ensure that you remove the non-SSL Port Number; otherwise, the connection will fail.
- Save the settings for the SAP Content Repository.
- Attempt to test the connection to the Content Repository or retrieve information from it by clicking one of the related buttons. Any connection test will now result in a failure with the following error:
To enable the SSL connection, the certificate exported in the previous step must be recognized by SAP. Therefore, it needs to be imported into SAP.
Import Certificate in SAP Personal Security Environment (PSE)
To import the certificate exported in the section above into the SAP Personal Security Environment (PSE), follow these steps:
- Open transaction STRUST.
- Check whether an SSL Client (Standard) PSE exists and access it by double-clicking. If an SSL Client (Standard) PSE is not available, select the SSL Client (Standard) entry and use the context menu to create a new Personal Security Environment. Apply the default settings where applicable.
- Switch to Edit mode, then navigate to the Certificate section.
- Click on the Import certificate button.
- Use the file chooser to select the previously saved .pem file from the certificate export section. The certificate now appears with all its details.
- Click on Add to Certificate List to add the certificate to the Certificate list.
- The certificate from the aqilink web server is now listed among the trusted certificates. Confirm its presence by looking through the list of certificates. Remember, the list has not been saved yet!
- Finally, click on Save to persist the new certificate in SAP. The message in the bottom line of the SAP GUI should read as follows:
- To verify the SSL connection, go back to the SAP Content Repository Administration of the related Content Repository (t-code OAC0) and test the connection again. The SSL handshake error regarding the untrusted certificate is now gone and the connection through HTTPS works fine:
The communication via HTTPS between SAP and the aqilink web server is now established.