To secure communication, SAP HANA supports use of either the SAPCrypto libraries or OpenSSL. Any hardware vendors not configuring Secure Socket Layer(SSL) communication for SAP HANA. This attached guide provides you the steps required to configure and enable OpenSSL communication between SAP HANA Studio and SAP HANA Server.

1. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
How to secure communication between SAP HANA Server and HANA Studio?
By configuring open SSL between SAP HANA Server and HANA Studio, we can secure communication.
Before moving to SSL configuration, let’s have a look at SAP HANA Security Architecture.
SAP HANA – Secure communication and encryption
 Communication encryption – SSL
 Encryption at rest – On the roadmap HANA
SAP HANA – Authorization Framework
 System privileges – for Administrative actions
 SQL privileges – access to data & operations on database objects
 Analytical privileges – for runtime access; row-level access based on dimensions of the respective view (analytical,
calculation, attribute)
 Repository privileges – access to in the repository(modeling) at design time
It also take care of User & Role Management; Roles are used to bundle and structure privileges; Privileges or Roles can
be assigned to Users and Privileges control what Users can do.
SAP HANA – Authentication and Single Sign-on
 User name and Password – Password policy
 Kerberos Authentication – including delegation
 SAML Authentication – Bearer Token
Logging Framework is mainly used for Audit logging and HANA Studio is used for general Security Administration
purposes.
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 1

2. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
So, from the above, it is obvious that SSL Configuration for SAP HANA is one of the basic necessity to step forward ahead
in HANA Security aspects, e.g., SSO configuration,etc.
How to configure SSL for SAP HANA?
Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the
Internet. SAP HANA Server runs on SLES 11 SP1 or SP2 and generally people access the server from their
desktops/laptops running on linux or windows. Administrators, Modelers/Developers and Security team access SAP
HANA Server through SAP HANA Studio. SAP HANA supports use of either the SAPCrypto libraries or OpenSSL to secure
communication. Here I will discuss about OpenSSL.
First, just check whether SSL has been already configured for your SAP HANA Server.
When you are connecting to SAP HANA Server, please tick on “Connect Using SSL” option.
If it is not SSL configured, it will throw the below error:
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 2

3. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
Now here are the steps to configure SSL for SAP HANA –
A.) Activities at SAP HANA Server end
Step 1. As user ‘root’, check for existence of libssl.so, if the file does not exist create a symbolic link to libssl.so.0.9.8
Step 2. Create “root Certificate” using <sid>adm user
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 3

4. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
Step 3. Using <sid>adm user, creation of “Server Certificate”
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 4

5. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
Step 4. Signature of the Server Certificate
This activity will generate CA_Cert.srl and Server_Cert.pem files.
Step 5. Chain the Server Certificate
The structure of Server Certificate looks like:-
----- BEGIN CERTIFICATE -----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----- END CERTIFICATE -----
----- BEGIN RSA PRIVATE KEY ----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----- END RSA PRIVATE KEY ----
----- BEGIN CERTIFICATE -----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----- END CERTIFICATE -----
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 5

6. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
Step 6. Copy the Server Certificate to trust.pem
Step 7. Restart SAP HANA Server
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 6

7. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
B-I) Activities at SAP HANA Client end (if Client is on Linux)
Step 1. Check JAVA Version and JAVA_HOME
Step 2. Import ‘trust.pem’ into the JAVA Keystore on the client
B-II) Activities at SAP HANA Client end (If Client is on Windows)
For Windows box, please use Administrator for performing the below activities -
From HANA Studio, one can figure out JAVA_HOME
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 7

8. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
Before execute the keytool command, better to check the existence of cacerts file.
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 8

9. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 9

10. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
C) SSL Enablement within SAP HANA Studio
Connect using SSL option.
Now SAP HANA Studio will communicate using SSL, the hover tooltip should now show SSL, and the system node icon
should show a small lock.
Now I am trying with another user
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 10

11. How to Secure Communication within SAP HANA Prepared by Debajit Banerjee
So, it is working perfectly.
The above steps required to configure and enable OpenSSL communication between SAP HANA Server and SAP HANA
Studio.
===== End of Document ======
http://debajitb.wix.com/debajitbanerjee | http://debajitb.wix.com/debajitbanerjee/apps/blog 11