SSL Configuration of the SAP Host Agent

As user root:

# cd /usr/sap/hostctrl/

# cd exe

# mkdir sec

# cd sec

Set envrionment

# export SECUDIR=/usr/sap/hostctrl/exe/sec

reate server PSE

# /usr/sap/hostctrl/exe/sapgenpse get_pse -p SAPSSLS.pse -noreq -x <PASSWORD> "CN=<HOSTNAME>"

# ll /usr/sap/hostctrl/exe/sec/SAPSSLS.pse

Grant Host Agent access to the server PSE

# /usr/sap/hostctrl/exe/sapgenpse seclogin -p SAPSSLS.pse -x <PASSWORD> -O sapadm

Verify the chain

# /usr/sap/hostctrl/exe/sapgenpse get_my_name -p SAPSSLS.pse -x <PASSWORD> –v

Allow file access

# chmod 644 /usr/sap/hostctrl/exe/sec/SAPSSLS.pse

Restart Host Agent

# /usr/sap/hostctrl/exe/saphostexec –restart pf=/usr/sap/hostctrl/exe/host_profile

SAP Host Agent should now be listening on port 1129

# cd /usr/sap/hostctrl/work

# grep 1129 /usr/sap/hostctrl/work/sapstartsrv.log

Webservice SSL thread started, listening on port 1129

Trusted https connect via Unix domain socket '/tmp/.sapstream1129' enabled.