SSL Configuration

As a general rule, a certificate must be imported for data consistency and security, and the rmalink-prod.yml configuration file must be modified accordingly. The certificate also needs to be integrated in yuuvis® RAD service-manager, and the SAP® SSL configuration must be adapted so that SAP® can communicate over the ArchiveLink connection.

Certificate

The freeware OpenSSL can be used to generate a certificate for development and test systems. For example, once OpenSSL has been installed, the following commands can be executed to generate a certificate. The first two commands define an individual password for the certificate and its parameters.

set pass=pass:optimal
set caSubj=/C=DE/ST=DE-DE/L=Berlin/CN=localhost

openssl genrsa -des3 -passout %pass% -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj %caSubj% -passin %pass%
openssl pkcs12 -inkey ca.key -in ca.crt -export -out ca.p12 -passin %pass% -passout %pass%

Executing them will create the ca.crt, ca.key, and ca.p12 files.

Copy the ca.p12 file to the directory specified in the rmalink-prod.yml configuration file.

The rmalink-prod.yml Configuration File

The rmalink-prod.yml configuration file in the \services\service-manager\config\ directory must have the following entries added to it:

eureka:
  instance:
    ip-address: localhost
    hostname: localhost
    non-secure-port-enabled: false
    secure-port-enabled: true
    secure-port: ${server.port}
    statusPageUrl: https://localhost:${eureka.instance.secure-port}/manage/info
    healthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
    secureHealthCheckUrl: https://localhost:${eureka.instance.secure-port}/manage/health
    homePageUrl: https://localhost:${eureka.instance.secure-port}/

server:
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store: <Path_service-manager>/apps/rmalink/ca.p12
    key-store-password: password
    key-alias: '1'
    enabled-protocols: 'TLSv1.2,TLSv1.3'

security:
  require-ssl: true

Adjustments:

eureka:instance:ip-address           IP address of the 'rmalink' microservice
eureka:instance:hostname             Host name
server:ssl:key-store                 Path to the certificate
server:ssl:key-store-password        Password for the certificate

Following this, the 'rmalink' microservice must be restarted.
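A pre-restart check for the entries above, as an added example that is not part of the product or its documentation. The names flatten, lint and SAMPLE are hypothetical, the sample input is constructed with deliberate mistakes, and the check assumes that the sample passwords shown on this page (optimal, password, changeit) should not remain in a deployed configuration:

```python
# Added example (not vendor code): lint the TLS-related keys of an rmalink-prod.yml.
import re

SAMPLE = """\
eureka:
  instance:
    non-secure-port-enabled: true
    healthCheckUrl: http://localhost:${eureka.instance.secure-port}/manage/health
server:
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store-password: password
    enabled-protocols: 'TLSv1.1,TLSv1.2'
"""  # constructed input with deliberate mistakes

def flatten(text):
    """Return {'a.b.c': 'value'} for the indentation-nested mappings used on this page."""
    out, stack = {}, []  # stack holds (indent, key) for each open parent mapping
    for line in text.splitlines():
        m = re.match(r"^( *)([^:#\s][^:]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, val = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if val:
            out[".".join([k for _, k in stack] + [key])] = val.strip("'\"")
        else:
            stack.append((indent, key))
    return out

def lint(text):
    cfg, findings = flatten(text), []
    expect = {"server.ssl.enabled": "true", "server.ssl.key-store-type": "PKCS12",
              "security.require-ssl": "true", "eureka.instance.non-secure-port-enabled": "false"}
    for key, want in expect.items():
        if cfg.get(key, "").lower() != want.lower():
            findings.append(f"{key}: expected {want}, found {cfg.get(key, '<missing>')}")
    protos = {p.strip() for p in cfg.get("server.ssl.enabled-protocols", "").split(",")}
    for p in sorted(protos - {"TLSv1.2", "TLSv1.3"}):
        findings.append(f"server.ssl.enabled-protocols: unexpected entry {p or '<empty>'}")
    if cfg.get("server.ssl.key-store-password") in (None, "password", "optimal", "changeit"):
        findings.append("server.ssl.key-store-password: missing or sample/default value")
    for key, val in cfg.items():
        if key.startswith("eureka.instance.") and key.endswith("Url") and not val.startswith("https://"):
            findings.append(f"{key}: not an https URL")
    return findings
```

Calling lint() on the text of the real file returns an empty list when every checked entry matches the values shown above.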

Integration in yuuvis® RAD service-manager

A certificate can be integrated using the command prompt or using tools such as KeyStore Explorer.

Command prompt:

  • Run the following commands at the command prompt:

    <Path_service-manager>\jdk\bin\keytool ^
        -importkeystore -srckeystore <Path_service-manager>\apps\rmalink\ca.p12 ^
        -srcstorepass optimal -destkeystore <Path_service-manager>\jdk\lib\security\cacerts ^
        -srcstoretype PKCS12 -deststoretype JKS ^
        -deststorepass changeit
    Adjustments:
    -importkeystore -srckeystore    Path to the certificate
    -srcstorepass                   Password for the certificate
    -deststorepass                  Password for certificate management (default: changeit)

  • Once completed, yuuvis® RAD service-manager needs to be restarted.

SAP® Configuration

  • Call the 'STRUST' transaction.

  • Go to 'SSL Client Standard'.

  • Switch to the Edit mode.

  • Click the Import button.

  • Specify the certificate.

  • Select 'Add to Certificate List'.

  • Save the configuration.

In addition, the host name of the respective SAP® system must be edited such that the host name of the imported certificate is mapped to the IP address of the server for which the certificate was issued.

ArchiveLink Connection

For the ArchiveLink connection, the HTTP server input must correspond to the hostname of the certificate, not the IP address.

In the 'Logon&Security' section, enable the 'SSL active' option and select the appropriate certificate list into which you have previously imported the certificate.

For configuration details, refer to the SAP® documentation.