SAP Data Services SSL Configuration
SAP Data Services is very powerful product from SAP. It helps organizations to Maximize the value of all their organization’s structured and unstructured data with exceptional functionalities for data integration, quality, and cleansing. In this new era, everything is available via Internet, and hence there are entities in world who are always in look-out for loop holes to exploits security and data. To restrict it, data should be always move in encrypted environment and hence, SSL is must for each endpoint access. In this post, let’s check out how to perform SAP Data Services SSL Configuration.
What is SAP Data Services
As per standard details provided by SAP, Data Services software improves the quality of data across the enterprise. As part of the information management layer of SAP’s Business Technology Platform, it delivers trusted, relevant, and timely information to drive better business outcomes. With SAP Data Services, IT organizations can access and exchange data between on-premise and cloud environments – with support and connectivity for loading large and diverse data types. For example, the data extraction capability in SAP Data Services provides fast data transfer from Google BigQuery to any database, such as Apache Hadoop, the SAP HANA® database, SAP IQ database software, and other cloud storage services for improved data processing performance.
SAP Data Services empowers you to improve, enhance, and consolidate data. Specifically, you can:
- Parse, standardize, and correct data from any source, domain, or type
- Validate data according to business rules and requirements
- Enrich data with internal or external data sources to fill gaps within data you already have
- Match and consolidate data by embedding data duplication checks directly into workflows or applications
- Perform data quality checks on data sets anytime, in real time, before analyzing, moving, or integrating data
Also ReadReset or Refresh Table Buffer in SAP
SAP Data Services can have Apache TomCat as Web Server or it can be SAP Application Web Server as well. Hence configuration for SSL will be little different based on Web Server used. In this article we will be focusing on SAP Data Services with Apache TomCat Web server.
To Configure SSL for SAP Data Services, please follow below steps.
Navigate to the path
<Installdir>/SAP Business Objects Enterprise XI 4.0/linux_x86/sapjvm/bin/
Execute below command.
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore <host>.<fqdn>.keystore
Note : If there is existing keystore file, then make sure to take backup of the same.
Enter below information when prompted.
Password: ********* Name: <Host>.<FQDN> Oraganizational Unit=<Dept> Organization=<Company Name> City=<City> State=<State Name> Country=<Country Code, like IN for India>
At the end, you will be prompted for the keystore password again.
Once finished, a self signed .keystore file will get created in the working folder.
<Installdir>/SAP Business Objects Enterprise XI 4.0/<os>/sapjvm/bin/<host>.<fqdn>.keystore
Move this keystore file from this directory to one in the Business Objects folder.
mv <Installdir>/SAP Business Objects Enterprise XI 4.0/<os>/sapjvm/bin/<host>.<fqdn>.keystore <Installdir>/SAP BusinessObjects/
Browse to Tomcat’s server.xml file and create a backup.
cp <Installdir>/SAP BusinessObjects/Tomcat<>/conf/server.xml <Installdir>/SAP BusinessObjects/Tomcat<>/conf/server.xml_backup
Open and edit the server.xml file in a text editor.
Uncomment the section below and add the two commands after keystorePass & keystoreFile.
Uncomment the connector below.
<Connector port=""8443"" protocol=""org.apache.coyote.http11.Http11NioProtocol....>
Modify the connector to match the parameters below.
<Connector port=""8443"" protocol=""org.apache.coyote.http11.Http11NioProtocol"" maxThreads=""200"" SSLEnabled=""true"" scheme=""https"" secure=""true""> <SSLHostConfig protocols=""TLSv1.2""> <Certificate certificateKeystoreFile=""<Installdir>/SAP BusinessObjects/"" certificateKeystorePassword=""<Previously Entered Password>"" /> </SSLHostConfig> </Connector>
All URLs should be accessible on HTTPS via port 8443. For Ex.
Our 80% work is done, but this https or SSL is with self signed certificate, hence still not fully secure. To get it signed, we need to create CSR and send it to CA (Certificate Authority) for sign. Lets first Create a CSR, to do that execute below command.
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <host>.<fqdn>.keystore
If promted for password, enter Previously provided password.
Send CSR to Company CA for Signing.
Once you receive Signed cert and chain certs, Import them as follows.
keytool -import -alias root -keystore <host>.<fqdn>.keystore -trustcacerts -file
# keytool -import -alias root -keystore <host>.<fqdn>.keystore -trustcacerts -file <filename_of_the_chain_certificate> # keytool -import -alias tomcat -keystore <host>.<fqdn>.keystore -file <your_certificate_filename>
Restart DS application.
That’s it, you are done with SSL Configuration. Now Data Services application will be accessible on https i.e. SSL.