Are you wondering how to install the SSL/TLS Certificate on your SAP Web Application Server? SAP is undoubtedly one of the best ERP solutions for businesses of all sizes but there’s no way you can ignore its security.
In this article, we will tell you all about installing SSL in the SAP application server and the intricacies involved in it. Also, you will be briefed about useful information pertaining to SAP and SSL certificates in general.
Let us begin with a brief overview of why you need an SSL certificate on your SAP web application server and then dive deeper into how to install the SSL/TLS certificate on your SAP web application.
Why should you install an SSL certificate on your SAP web application server?
The Secure Socket Layer (SSL) certificate is a misnomer for the present-day Transport Layer Security (TLS) certificate, a digital certificate that triggers encryption between the client machine and the application server systems that is accessed by users.
This additional layer of security is inevitable because it prevents data leakage which can result in dire consequences such as fines and penalties under the GDPR and other privacy laws. This is because it involves the exchange of sensitive third-party data that the business is obligated to protect.
Step by Step Guide to Install an SSL Certificate on SAP Web Application Server
Now, we will move to SSL Installation Instructions for SAP Web Application Server that is the heart of this article.
#1. Generate the CSR
Installing SSL in the SAP Application Server requires a few steps and the first step in the direction of installing an SSL certificate on the SAP Application server is by generating the certificate signing request (CSR) code and sending it for validation to the Certifying Authority. While doing that, a private key would also have to be created and stored on the SAP server. So, the CSR and private key generation take place together to ensure additional security and authenticity.
Prior to creating CSR keys, it is essential for you to make a thorough study of the Personal Security Environments (PSE) deployed on the applications. For each PSE, there would be the need for an explicit CSR to be generated. However, if system-wide SSL server PSE is deployed, then just one CSR would suffice.
Steps to generate CSR code on SAP
Step #1. Navigate to Trust Manager in the admin console
Step #2. In the Trust Manager Window screen, you must expand the SSL Server PSE node and head to the PSE maintenance section.
Step #3. In the PSE maintenance section, navigate to the Owner section where the Application Server Certificate is located.
Step #4. For every SSL Server PSE, you must choose the application server and provide the following information:
- Country Name – Under this option, you must provide the two letters that denote the country in which the business is incorporated.
- State or Province – In this section, you need to write the full name of the respective State.
- City – In this section, you need to write the full name of the respective City.
- Organization – Enter the complete name of the entity along with the extension, which could be LLC, INC, or something else.
- Organizational Unit – This refers to the unit or the department within the company that is raising the CSR request in order to procure an SSL/TLS certificate for the business.
- Common Name – This is where you should enter your website’s URL for which you plan to have the CSR key issued.
Step #5. After you have filled in all the details, navigate to the PSE maintenance menu where you will find Create Certificate Request, an option that you must select.
Step #6. When the certificate request window opens up, save it locally on the system.
This completes the CSR file generation process, which is more like an application being filed with the Certifying Authority for the issuance of an SSL certificate. The CSR file can be open on the system by using any text editor and the most commonly used application is the good old Notepad. Let us now move forward to the next step.
#2. Installing the SSL on the SAP Application Server
After the previous step, the Certifying Authority would send over the corresponding SSL certificate files through email in a zip folder. This must be downloaded and extracted onto the desktop. At this point, it is worth taking note of the fact that the Trust Manager mandatorily requires the public key and the root certificates to comply with the PKCS#7 format or the PEM format.
Before you begin the main process of installation, you will have to keep the following files ready.
- Firstly, you will have to keep the SSL certificate ready, and you can identify that as the file with the x509/.cer/.crt/.pem extension.
- Secondly, you will require the CA Bundle, sometimes referred to as the intermediate certificates.
- Root Certificate.
Once you have these files in place, open them with notepad or any other Text Editor, copy-paste the data, and save each of the three files in text format. With these three files in place, simply follow the below-mentioned steps to complete the installation.
- Start by logging into the admin console.
- Navigate to the trust manager and then expand the SSL server PC node and go to the application server from there.
- Navigate to the PSE maintenance and from that section, opt for the Import Cert Response.
- You must now click on the load local option and upload the primary SSL certificate, a file that comes with the .crt extension. Alternately, you may copy-paste the content of the .crt file in the box that is provided.
- You will now see that the PSE maintenance section would display the SSL certificate.
- Finally, save the data.
Thereafter, it is time to add the CA Bundle and root certificates to the certificate database, file system, and the other PSEs, if any.
Steps to add Certificates to the Certificate Database:
- Navigate to the Certificate section and click on the ‘Import Certificate’ option.
- Click on the Database tab, choose certificate and hit enter.
- When the certificate is displayed, click on the ‘Add to Certificate List’ option and save.
Steps to add Certificates to the File System:
- Go to the certificate section and click on the ‘Import Certificate’ option.
- From the file system, indicate the specific file name and choose the file format as Base 64, and hit Enter. At this point, the certificate remains in the maintenance section.
- Finally, select the ‘Add to Certificate List’ option and save the data.
Steps to add Certificates to the Individual PSE:
You will use this option only if there are multiple PSEs. In the case of system-wide PSE, this is not required.
- Go to the PSE node which hosts the certificate and click on the desired application server.
- Navigate to the Certificate list which is under the PSE Maintenance section and select the certificate by double-clicking on it.
- Now, navigate to the application server under the SSL server PSE and double click on it.
- Finally, click on the Add to Certificate List and save the essential info.
With that, the SSL certificate installation on your SAP system is complete. However, it would only be prudent to test it after installation.
Why test the SSL installation on SAP?
Now that you have completed all the SSL installation instructions for the SAP web application server, you might assume that you are through with the process but there is every possibility of SSL errors and vulnerabilities existing within the ecosystem. So, always make it a point to use a reliable testing tool to run diagnostic tests before marking this task complete.
Where to buy the best SSL Certificate for SAP Web Application Server?
To make your SAP web application server secure, an SSL certificate is a necessary protocol. But, an SSL certificate should be from a reliable SSL certificate authority. At ClickSSL, you will find the most compatible SSL certs starting from domain validation to Organization validation and extended validation certificate. We at ClickSSL offer the low price on different SSL categories. Along with desired SSL certificate, you will have 24/7 customer support to solve any SSL related queries. You can visit our live chat to know the type of SSL certificate that you want for SAP Web Application Server.
We have discussed the step-by-step instructions to effortlessly install the SSL/TLS certificate on your SAP web application server. However, take note of the PSEs and adapt the installation accordingly. Finally, once you are done make sure to test the entire ecosystem and fix any SSL errors that might exist to prevent security concerns in the future.