SSL stress with SAP vs .cloud.ptvgroup.com

Deals with generic topics such as logging, framework and so on. If you are not sure where to place your topic just put it here.
Post Reply
User avatar
Bernd Welter
Site Admin
Posts: 2545
Joined: Mon Apr 14, 2014 10:28 am
Contact:

SSL stress with SAP vs .cloud.ptvgroup.com

Post by Bernd Welter »

Hello together,

the following issue was raised during some evaluations of our PTV xServer INTERNET in combination with SAP and some specific components.

We use GeoTrust as Certificate Authority (CA) for the SSL access to our cloud services. GeoTrust is a large certificate providerthat is supported by all major browsers. Furthermore GeoTrust is supported by SAP , e.g. as Load Balancer Root Certificate.
https://proddps.hana.ondemand.com/dps/d ... 6cdea.html

But: GeoTrust is not part of the list of CA's for outbound SSL connections of SAP HANA JVM:
https://help.hana.ondemand.com/help/fra ... d4668.html
Comparison of the lists
Comparison of the lists
This prevents customers to connect from such a SAP HANA JVM to xServer INTERNET (or to any other HTTPS service that uses GeoTrust as CA). We are currently evaluating how to deal with this info - maybe there is a specific reason for this condition but we are not aware of the cause.
For those who have close connections to SAP: contribution is welcome.

Further details are available here: http://xserver.ptvgroup.com/forum/viewt ... f=41&t=276

Best regards Bernd
Bernd Welter
Technical Partner Manager Developer Components
PTV Logistics - Germany

Bernd at Youtube
I like the smell of PTV Developer in the morning... :twisted:
User avatar
Bernd Welter
Site Admin
Posts: 2545
Joined: Mon Apr 14, 2014 10:28 am
Contact:

Re: SSL stress with SAP vs .cloud.ptvgroup.com

Post by Bernd Welter »

Meanwhile we have some new info: (Thanks Oli!)
Obviously it is possible to extend the keystore of a SAP HANA Cloud, looks like this is a new feature and so the workaround is no longer necessary:

For SSL connections to services which use different certificate issuers, you need to configure trust to use the keystore service of the platform. For more information, see Tutorial: Using the Keystore Service for Client Side HTTPS Connections.

https://help.hana.ondemand.com/help/fra ... d4668.html

Anyhow: we still wonder why GeoTrust is no longer part of the default...

Regards Bernd
Bernd Welter
Technical Partner Manager Developer Components
PTV Logistics - Germany

Bernd at Youtube
I like the smell of PTV Developer in the morning... :twisted:
Post Reply