Secure your HANA Cloud Connector with OpenSSL certificates – Part 1

Out of the box, the HANA Cloud Connector (SCC) is not secure, as clearly documented by the General Security Status:

Therefore, in this blog series, I will show how to secure your SCC with OpenSSL certificates item by item, until the General Security Status is all green.

As mentioned in the General Security Status, the out-of-the-box SSL certificate does not use the host name as its common name (CN) and is therefore not trusted:

It is still possible to work with the SCC in this state via a browser security exception, but I will show how to properly secure the connection.

First I create a Certificate Signing Request (CSR) with the correct hostname as CN:

And save it as a file:

I then import this file into TinyCA:

And check that the details are correct:

Next, I sign the request:

And export the resulting certificate to file:

After importing it into my SCC:

I restart my SCC and the connection becomes secure:

Given that my CA certificate had already been imported into my browser:

And of course I also get my green light for the UI Certificate in the General Security Status:
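
The same CSR, sign and verify sequence on the openssl command line, as an added example that is not from the original post: the throwaway CA stands in for TinyCA, and the host name `scc.example.internal` and all file names are assumptions. It also sets a subjectAltName, because current browsers match the host name against that field rather than the CN, and it runs the chain, host name and expiry checks worth doing before the certificate is imported into the SCC.

```shell
#!/usr/bin/env bash
# Added example: CSR -> CA signature -> pre-import checks with the openssl CLI.
# The CA, host name and file names are constructed for illustration.
set -eu

SCC_HOST="${SCC_HOST:-scc.example.internal}"   # assumed SCC host name
WORK="$(mktemp -d)"                            # scratch directory

make_ca() {   # throwaway root CA, standing in for the TinyCA root
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -sha256 \
    -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

make_csr() {  # key pair plus CSR carrying the host name as CN
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=$SCC_HOST" \
    -keyout "$WORK/scc.key" -out "$WORK/scc.csr" 2>/dev/null
}

sign_csr() {  # CA signs the CSR and adds the host name as subjectAltName
  printf 'subjectAltName=DNS:%s\n' "$SCC_HOST" > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/scc.csr" -days 30 -sha256 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -out "$WORK/scc.pem" 2>/dev/null
}

check_cert() {  # returns 0 only if all three checks pass
  # 1: the certificate chains to the CA the browser trusts
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/scc.pem" >/dev/null 2>&1 || return 1
  # 2: the certificate is valid for the host name in the URL
  openssl x509 -in "$WORK/scc.pem" -noout -checkhost "$SCC_HOST" \
    | grep -q 'does match' || return 2
  # 3: the certificate has not expired
  openssl x509 -in "$WORK/scc.pem" -noout -checkend 0 >/dev/null || return 3
}

make_ca && make_csr && sign_csr
check_cert && echo "certificate for $SCC_HOST is ready to import"
```

A return code of 2 from `check_cert` means the certificate does not cover the host name, which is the condition the General Security Status flags for the default certificate.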
