SSL stress with SAP vs .cloud.ptvgroup.com

Bernd Welter · Post by **Bernd Welter** » Fri Aug 19, 2016 7:03 am

Hello together,

the following issue was raised during some evaluations of our PTV xServer INTERNET in combination with SAP and some specific components.

We use GeoTrust as Certificate Authority (CA) for the SSL access to our cloud services. GeoTrust is a large certificate providerthat is supported by all major browsers. Furthermore GeoTrust is supported by SAP , e.g. as Load Balancer Root Certificate.
https://proddps.hana.ondemand.com/dps/d ... 6cdea.html

But: GeoTrust is not part of the list of CA's for outbound SSL connections of SAP HANA JVM:
https://help.hana.ondemand.com/help/fra ... d4668.html

: Comparison of the lists

This prevents customers to connect from such a SAP HANA JVM to xServer INTERNET (or to any other HTTPS service that uses GeoTrust as CA). We are currently evaluating how to deal with this info - maybe there is a specific reason for this condition but we are not aware of the cause.
For those who have close connections to SAP: contribution is welcome.

Further details are available here: http://xserver.ptvgroup.com/forum/viewt ... f=41&t=276

Best regards Bernd

Bernd Welter · Post by **Bernd Welter** » Fri Aug 19, 2016 7:06 am

Meanwhile we have some new info: (Thanks Oli!)
Obviously it is possible to extend the keystore of a SAP HANA Cloud, looks like this is a new feature and so the workaround is no longer necessary:

For SSL connections to services which use different certificate issuers, you need to configure trust to use the keystore service of the platform. For more information, see Tutorial: Using the Keystore Service for Client Side HTTPS Connections.

https://help.hana.ondemand.com/help/fra ... d4668.html

Anyhow: we still wonder why GeoTrust is no longer part of the default...

Regards Bernd

PTV Group - Logistics Forum

SSL stress with SAP vs .cloud.ptvgroup.com

SSL stress with SAP vs .cloud.ptvgroup.com

Re: SSL stress with SAP vs .cloud.ptvgroup.com