Add/Renew an SSL Certificate for SAP HANA

Enterprise Cloud

GUIDE

Internal / External parties under NDA

Document Owner:
SAP HANA Enterprise Cloud Delivery
JUNE 2020

“INTERNAL - This document is classified as INTERNAL. It may be made available to SAP HANA Enterprise
Cloud customers subject to the confidentiality terms under the agreement which customer purchased SAP HANA
Enterprise Cloud services (or under a valid non-disclosure agreement if no such contract exists yet with the
receiving party). This document and the information it contains is not intended for general public disclosure and
should not be shared, disseminated, or republished. The receiving party shall handle this document and the
information it contains as SAP confidential information. “

The processes and details as described in this document are only valid for SAP HANA Enterprise Cloud
services operated by SAP as the delivery organization. These processes and details may be different if
the services are delivered by an SAP Partner / supplier.
Copyright and Disclaimer

Copyright © 2020 SAP SE. All rights reserved.

THIS DOCUMENT IS PROVIDED BY SAP SE, ITS AFFILIATED COMPANIES AND/OR SAP’S SUPPLIER ("SAP GROUP")
FOR INFORMATIONAL PURPOSES ONLY, WITHOUT REPRESENTATION OR WARRANTY OF ANY KIND, AND SAP
GROUP SHALL NOT BE LIABLE FOR ERRORS OR OMISSIONS WITH RESPECT TO THE MATERIALS.

NO PART OF THIS DOCUMENTATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR FOR ANY
PURPOSE WITHOUT THE EXPRESS PERMISSION OF SAP SE. ALL CONTENT IS CATEGORIZED AS CONFIDENTIAL
INFORMATION OF THE SAP GROUP.

THIS DOCUMENT IS INTENDED AS BACKGROUND INFORMATION AND DESCRIBES INTERNAL PROCESSES OF SAP
GROUP AND TECHNICAL DETAILS OF SOME ASPECTS OF THE HANA ENTERPRISE CLOUD SERVICES.

NOTHING CONTAINED HEREIN SHALL BE CONSTRUCTED TO BE A LEGALLY BINDING AGREEMENT UNDER

INTERNATIONAL LAW. THIS DOCUMENT DOES NOT MODIFY, SUPPLEMENT, DIMINISH, OR IN ANY WAY AFFECT
ANY AGREEMENT BETWEEN SAP OR AN SAP AFFILIATE AND ANY THIRD PARTY.

THE INFORMATION IN THIS DOCUMENT IS NOT A COMMITMENT, PROMISE OR LEGAL OBLIGATION TO DELIVER
ANY MATERIAL, CODE OR FUNCTIONALITY. THIS DOCUMENT IS PROVIDED WITHOUT A WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

ALL FORWARD-LOOKING STATEMENTS ARE SUBJECT TO VARIOUS RISKS AND UNCERTAINTIES THAT COULD
CAUSE ACTUAL RESULTS TO DIFFER MATERIALLY FROM EXPECTATIONS. READERS ARE CAUTIONED NOT TO
PLACE UNDUE RELIANCE ON THESE FORWARD-LOOKING STATEMENTS, WHICH SPEAK ONLY AS OF THEIR
DATES, AND THEY SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS.

THIS DOCUMENT OR ANY RELATED DOCUMENT REGARDING SAP'S STRATEGY AND POSSIBLE FUTURE
DEVELOPMENTS, PRODUCTS AND OR PLATFORMS DIRECTIONS AND FUNCTIONALITY ARE ALL SUBJECT TO
CHANGE AND MAY BE CHANGED BY SAP AT ANY TIME FOR ANY REASON WITHOUT NOTICE.

ANY PROCESSES DESCRIBED AND INFORMATION GIVEN IN THIS DOCUMENT ARE SUBJECT TO CONTINUOUSLY
IMPROVEMENT PROCESS. THAT MEANS THE TECHNICAL CONCEPTS AND PRACTICES USED TO ACHIEVE THE
SERVICES DESCRIBED IN THIS DOCUMENT ARE EXPECTED TO CHANGE OVER TIME BY SAP GROUP. SAP GROUP
RESERVES EXPLICIT THE RIGHT TO CHANGE ANY CONTENT OF THIS DOCUMENT WITHOUT PRIOR NOTICE.

© 2020 SAP SE or an SAP affiliate company. INTERNAL / External parties under NDA 2
1 OVERVIEW
When having sensitive information on a website (including email and password), special security is needed. One
of the best ways to do that is to enable HTTPS, also known as SSL (secure socket layers), so that any
information going to and from a server is automatically encrypted. This prevents hackers from sniffing out
sensitive information form website visitors as it passes through the internet.

You can request the addition of a new SSL certificate. Please enter the FQDN or IP address where you would
like to have the certificate to be installed.

2 SERVICE DESCRIPTION ADD AN SSL CERTIFICATE

To request a new certificate for a Load Balancer the following parameters are needed. Please note that the
green highlighted values are dummy data and show an example.

Attribute Example Data Explanation

*Load Balancer dc13vlb01psf.byd.sap.corp As an FQDN please enter the FQDN or IP Address of
FQDN / IP: (172.19.105.203) the LB which shall receive the new certificate. It is the
URL that you (the customer) uses to access your
xyz.hec.ondemand.com system in HEC from the internet.
*SAP HEC HEC 01 Please choose the HEC Datacenter where the Load
Datacenter Balancer is located.
Disaster Recovery True / false Tic the box / select true if the certificate needs to be
applied to a Load Balancer in a DR Datacenter. (if
your contract has DR enabled, consult your EL/Tl
when in doubt).
DR Datacenter HEC 04 Please choose the DR Datacenter location.
Location
*Common Name: *.hec.customerdomain.com The Common Name (CN) represents the server name
which is protected by the SSL certificate. It is typically
access.customerdomain.com the domain name. This must match exactly what
you type in your web browser or you will receive
a name mismatch error.
Subject alternative The Subject alternative name allows you to
name (SAN) specify additional host names for this SSL
certificate. You can add multiple SANs.
*Division: Information Technology The division of your organization handling the
certificate. Please type in n.a. if you do not have
a value for this field.
*Organization: Digicert Inc. The legal name of your organization. This should
not be abbreviated and should include suffixes
such as Inc, Corp or LLC. Please type in n.a. if
you do not have a value for this field.
*Locality: Mountain View The city where your organization is located.
Please type in n.a. if you do not have a value for
this field.
*State or Province: Texas The state / region where your organization is
located. This should not be abbreviated. Please
type in n.a. if you do not have a value for this
field.

© 2020 SAP SE or an SAP affiliate company. INTERNAL / External parties under NDA 3
 *Country: US The two letter ISO code for the country where
your organization is located. Please type in n.a.
if you do not have a value for this field.
E-Mail Address: xzy@company.com An email address used to contact your
organization.
Challenge passwd123# The password which is used to encrypt the
Password certificate.
Additional Here you can type in additional information or
Comment comments.
Attachment Here you upload additional files if required.

Fields with a * are mandatory

3 SERVICE DESCRIPTION RENEW AN SSL CERTIFICATE

You can request that an existing SSL certificates for a customer gets renewed.

For this task we need the following parameter. Please note that the green highlighted values are just dummy
data and show just an example.

Attribute Example Data Explanation

*Load Balancer dc13vlb01psf.byd.sap.corp As an FQDN please enter the FQDN or IP
FQDN / IP: (172.19.105.203) Address of the LB which shall receive the new
certificate. It is the URL that you (the customer)
xyz.hec.ondemand.com uses to access your system in HEC from the
internet.
*SAP HEC HEC 01 Please choose the HEC Datacenter where the
Datacenter: Load Balancer is located.
Tic the box if the True / false Tic this box if the CSR details of your existing
CSR details have certificate have changed.
changed:
Common Name: vhcuswd1lb.hec.example.com Please enter the complete name of the
certificate which needs to be renewed.

Subject alternative The Subject alternative name allows you

name (SAN) to specify additional host names for this
SSL certificate. You can add multiple
SANs.
Expires on: 2019-11-23
(YYYY-MM-DD)
Division: Information Technology The division of your organization handling
the certificate
Organization: Digicert Inc. The legal name of your organization. This
should not be abbreviated and should
include suffixes such as Inc, Corp or LLC
Locality: Mountain View The city where your organization is located

© 2020 SAP SE or an SAP affiliate company. INTERNAL / External parties under NDA 4
 State or Province: Texas The state / region where your organization
is located. This should not be abbreviated.
Country: US The two letter ISO code for the country
where your organization is located.
E-Mail Address: xzy@company.com An email address used to contact your
organization.
Challenge Password passwd123# The password which is used to encrypt
the certificate.
Additional Comment Here you can type in additional
information or comments.
Attachment Here you upload additional files if
required.

Fields with a * are mandatory

The yellow marked fields are only visible and optional if you want to update the CSR details.

© 2020 SAP SE or an SAP affiliate company. INTERNAL / External parties under NDA 5
www.sap.com

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form
or for any purpose without the express permission of SAP SE or an SAP
affiliate company.
SAP and other SAP products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of SAP SE (or an
SAP affiliate company) in Germany and other countries. Please see
http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for
additional trademark information and notices. Some software products
marketed by SAP SE and its distributors contain proprietary software
components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company and/or
SAP’s Supplier for informational purposes only, without representation or
warranty of any kind, and SAP SE or its affiliated companies shall not be
liable for errors or omissions with respect to the materials. The only
warranties for SAP SE or SAP affiliate company products and services are
those that are set forth in the express warranty statements accompanying
such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue
any course of business outlined in this document or any related presentation,
or to develop or release any functionality mentioned therein. This document,
or any related presentation, and SAP SE’s or its affiliated companies’
strategy and possible future developments, products, and/or platform
directions and functionality are all subject to change and may be changed by
SAP SE or its affiliated companies at any time for any reason without notice.
The information in this document is not a commitment, promise, or legal
obligation to deliver any material, code, or functionality. All forward-looking
statements are subject to various risks and uncertainties that could cause
actual results to differ materially from expectations. Readers are cautioned
not to place undue reliance on these forward-looking statements, which
speak only as of their dates, and they should not be relied upon in making
purchasing decisions.