How to enable SSL/TSL support for SAP HANA agent

Document ID : KB000115863
Last Modified Date : 26/09/2018
Show Technical Document Details
Introduction:
Having a *.PSE file certificate from SAP for SSL configuration how should you proceed to configure a SAP HANA agent. As is the certificate cannot be imported to java keystore, nor is it  x.509 standard.

Without having SSL/TSL enabled, SAP HANA jobs will fail with error :
SAP DBTech JDBC:  [4321] :  only secure connections are allowed
Question:
How should a secure connection from the SQL agent to SAP HANA be set up?
Answer:
Follow the following steps:
1) Import the certificate in format *.cer to the JDK keystore and restarted DB Service Agent and SQL HANA Agent
- A certificate in *cer can be created by SAP authorized team.
- Certificates can also be converted from *.PSE format  to *.CER format using ' sapgenpse ' command on your Hana server:
sapgenpse get_pse -p <pse filename>.pse -a sha256WithRsaEncryption -s 2048 -noreq -x <password> "<xxx>"

2) Created an SQL Connection Object with type SQL HANA and connection parameters with parameter as ' encrypt ' and value as ' true'.
Secured connectivity can be verified after certificate import manually using the following command from the server :

/opt/uc4/java/jre1.8.0_131/bin/java -jar ngdbc.jar -u <user>,<password> -n <hostname:port> -c "SELECT DATABASE_NAME FROM SYS.M_DATABASES" -o encrypt=true

See also: https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.03/en-US/9ac4e1eedbbc4961bce0db6ad64b3612.html

3) Execute SQL jobs using the created CONN object instead of login object.

Additional information about connection objects user Generic JDBC:
https://docs.automic.com/documentation/webhelp/english/AWA/12.1/DOCU/12.1/AWA%20Guides/help.htm#AWA/Objects/obj_Connection_overview.htm#SQL

SAP documentation regarding SSL activation inside the jdbc string (jdbc:sap://::[options] can be found here: https://www.sap.com/france/developer/tutorials/hxe-connect-hxe-using-jdbc.html And notably here where the Connection Properties are discussed: https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.02/en-US/109397c2206a4ab2a5386d494f4cf75e.html