Out of the box, the HANA Cloud Connector (SCC) is not secure, as clearly documented by the General Security Status:
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![SAP HANA Certifications]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
![Secure your HANA Cloud Connector with OpenSSL certificates – Part 1]( "Secure your HANA Cloud Connector with OpenSSL certificates – Part 1")
As mentioned in the General Security Status, the out of the box SSL certificate does not use the host name as its common name (CN) and is therefore not trusted:
It is still possible to work with the SCC in this state via a browser security exception, but I will show how to properly secure the connection.
First I crate a Certificate Signing Request (CSR) with the correct hostname as CN:
And save it as a file:
I then import this file into TinyCA:
And check that the details are correct:
Next, I sign the request:
And export the resulting certificate to file:
After importing it into my SCC:
I restart my SCC and the connection becomes secure:
Given that my CA certificate had already been imported into my browser:
And of course I also get my green light for the UI Certificate in the General Security Status:
Source: scn.sap.com