CommonCryptoLib and OpenSSL (if you are using a self-signed certificate) are required on the HANA server. These are normally already installed along with your HANA installation.
CommonCryptoLib (libsapcrypto.so) is installed by default as part of SAP HANA server installation at $DIR_EXECUTABLE.
Certificates stored in the file system are contained in database-specific personal security environments or PSEs (default $SECUDIR/sapsrv.pse).
Navigate to $SECUDIR
This ensures all the prerequisites are met and all environment variables are properly set.
- Create the PSE and server certificate request using sapgenpse.
Important note:
- Do not enter a password when prompted for the PSE PIN/passphrase, as it is not supported!
- Also, to secure internal communication, the common name (CN) should be host-specific, e.g. CN="<hostname_with_domain>". When creating a private CA on each host, the CN parameter will therefore be unique.
This creates two files:
- Create the root certificate for this host.
Here you can use the passphrase that you want.
You now have two more files in the directory:
- Sign the certificate request.
You can get the certificate signed by a CA. But since this is just a demo, we will sign the certificate using openssl.
A new file named sapsrv.pem will be created in the same directory, $SECUDIR.
With this step you have the certificate ready that can be used on Client machines.
In the next blog we will see how to use this certificate to login to HANA Database via HANA Studio using SSL.
- Import the server certificate into the PSE.
Note that the PSE file has a new timestamp with the certificate added.
Import SAP Notes:
Virtual private cloud.
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
NAT gateways are ideal for instances that need an internet connection, for example for patching, but no incoming connections from the internet.
Bastion hosts (which are in a public subnet) should be used to connect to the instances in your private subnet.
Another way to connect to a server in a private subnet is to have a direct VPN connection.
You don't have to
Many times we come across RFC connections of type TCP/IP that are not working or suddenly stop working with the infamous error "Program not registered".
Logon Connection Error
Error Details Error when opening an RFC connection
Error Details ERROR: program <program id> not registered
Error Details LOCATION: SAP-Gateway on host xxxxx / sapgwxx
Error Details DETAIL: TP xxxxx not registered
Error Details COMPONENT: SAP-Gateway
An external program should always register on the gateway of the SAP application to be able to establish connectivity, just as SLD registers itself using the RFCs SLD_UC or SLD_NUC.
For example, an ESB program like WSO2 should register on the gateway using connectors (normally .jar files). While registering, it will use details of the application/server such as gateway host, gateway service, program ID, user name, password etc.
Once this program is registered you should be able to see this under the logged on clients in transaction SMGW:
You should see the program you registered under TP name. Once this is done, you are ready to create the required TCP/IP RFC using the same program ID under TP name.
If you are not able to see this TP name registered, check the connectivity from your third-party server to the SAP gateway host by doing a telnet to the gateway port.
If this works, it could be that your gateway ACL parameters are blocking the connection.
Check your profile parameters gw/acl_mode, gw/sec_info, gw/reg_info etc. and adjust them accordingly.
2104408 – Checklist for “program <program ID> not registered” errors
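A simplified model of how the gateway evaluates the reginfo file (the file gw/reg_info points to) helps explain why a registration is refused. This is an added example, not code from the original post or from SAP; the sample rules, TP names and hosts are constructed, and the matching covers only TP and HOST with `*` wildcards, not the local/internal keywords or the ACCESS and CANCEL fields.

```python
import fnmatch

# Constructed sample reginfo; TP names and hosts are illustrative only.
SAMPLE_REGINFO = """\
#VERSION=2
# SLD data supplier programs may register from any host
P TP=SLD_UC HOST=*
P TP=SLD_NUC HOST=*
# The ESB connector may register only from its own server
P TP=ESB_* HOST=esb01.example.com,10.0.5.20
D TP=* HOST=*
"""

def parse_reginfo(text):
    """Return a list of (action, {KEY: value}) rules in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines, comments and the #VERSION header
        action, *pairs = line.split()
        if action not in ("P", "D"):
            raise ValueError(f"unsupported rule: {raw!r}")
        fields = dict(p.split("=", 1) for p in pairs)
        rules.append((action, {k.upper(): v for k, v in fields.items()}))
    return rules

def check_registration(rules, tp, host):
    """First matching rule decides; no match means the registration is denied."""
    for index, (action, fields) in enumerate(rules, start=1):
        # Simplification: fnmatch-style wildcards stand in for reginfo's '*'.
        tp_ok = fnmatch.fnmatchcase(tp, fields.get("TP", "*"))
        hosts = fields.get("HOST", "*").split(",")
        host_ok = any(fnmatch.fnmatchcase(host.lower(), h.lower()) for h in hosts)
        if tp_ok and host_ok:
            return action == "P", f"rule {index}: {action} TP={fields.get('TP')}"
    return False, "no matching rule (implicit deny)"

if __name__ == "__main__":
    rules = parse_reginfo(SAMPLE_REGINFO)
    for tp, host in [("SLD_UC", "sld.example.com"),
                     ("ESB_ORDERS", "esb01.example.com"),
                     ("ESB_ORDERS", "rogue.example.com")]:
        print(tp, host, check_registration(rules, tp, host))
```

When a program is missing from the logged-on clients, the rule reported here shows whether the fix is a narrow P entry for that program ID and host rather than a broader change to the ACL.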
In continuation of my previous blog, "Cannot load tile – SAP Fiori", I continue discussing the other error we faced after the upgrade of the S/4HANA system from 1511 to 1610.
“Could not open app. Please try again later”.
Ensure that the following steps are taken care of after the upgrade:
- Review OSS note 2346431 – SAP S/4HANA 1610: Release Information Note (https://launchpad.support.sap.com/#/notes/0002346431) and apply all the recommended notes mentioned for the target FPS/SPS level you just upgraded to. As a suggestion, apply all SAP_ABA, SAP_BW, and SAP_BASIS notes to both frontend and backend, while S4Core notes are only for the backend.
- Ensure the scheduling of report /UI5/APP_INDEX_CALCULATE is running and if not, please schedule and run the job.
- Ensure the scheduling of report /UI2/GET_APP_DESCR_REMOTE is running and if not, please schedule and run the job.
- Ensure the following reports are also run in the Frontend Server:
If this does not solve your issue, jump to the next steps:
Create RFC destinations as per SAP Note 2269272 and replicate app descriptors from the back-end system.
Check again if your app works. If not continue with next steps:
Compare the App details from the app launcher with the details on the SAP Fiori App Reference Library.
The app launcher URL looks like:
On the app launcher, you should find the OData (/n/iwfnd/maint_service) and ICF service (SICF) details for the app that should be active on the front-end server:
Ensure that the SICF services are active and that you can test them successfully, and also that the OData service is active and mapped to the right system alias.
Note: Service here points to local system alias as I have my front end and back end configured on the same application. Please check correctness of your alias to be used.
If you are not able to find the services for the app, it's time for an incident towards SAP.
Please let me know if this solves your issues or if you have any questions in the comments below.
After the upgrade of the S/4HANA application from 1511 to 1610, we had a few of our SAP standard Fiori apps choking.
Errors were different. Below are the steps we followed to fix “Cannot load tile”.
Edit home page:
Delete the tile:
Open app finder from the same screen:
Now you jump to the screen from where you can add the tiles you need.
Pin the tiles which you need.
Now go back to the home screen and see if you have the apps you need back on the screen.
2425949 – Analytical apps cannot be loaded.
2485294 – Cannot load tile after transporting from client to a client on the same system
2503862 – Cannot load tile Schedule Billing Apps
2471599 – Cannot load Fiori Analytical Applications
2594655 – Fiori Launchpad – Cannot Load Tile error on some tiles