Trust the certificate in Linux

Owned by proaxia
Last updated: Feb 08, 2022
2 min read

In Linux servers there’s no certificate store similar to this known from Windows what actually makes entire operation much simpler. In order to make Message Broker running in Linux server trust the certificate presented by SAP service it is enough to copy its Thumbprint to Message Broker’s configuration file

Server’s certificate and its fingerprint

 

SapDefinitions: - Id: sap1 #UserName: smr UserName: kbp Password: PasswordSecure: wbXKZL7pvy4c Url: https://172.16.50.20:443/sap/bc/srt/rfc/pacg/ecm_ws/100/pacg_ecm_ws/pacg_ecm_ws # if SAP HTTPS certificate is not trusted by itself (e.g. not signed by trusted CA or not added to trusted certificate store) # Message Broker can trust it if its fingerprint matches HttpsCertificateFingerprint below HttpsCertificateFingerprint: 61A5E129460F22D0FC4345F2097F9CBD8CF744CE

The value of HttpsCertificateFingerprint - 61A5E129460F22D0FC4345F2097F9CBD8CF744CE is copied from the certificate visible in the picture on the left

In case of providing incorrect thumbprint value following warning can be found in a log file:

Message Broker log file

It shows both expected thumbprint value (the value which is provided in the config) and value received from the server’s certificate.

If you'd like to help us improve the documentation, please provide your feedback using the communication channels listed /wiki/spaces/PFCC/pages/1561427969. Learn about support possibilities here.