By default, the Cloud Connector uses a self-signed UI certificate. It’s used to encrypt the communication between the Administration UI in the browser and the Cloud Connector. For security reasons, you should replace this certificate with your own one to let the browser accept the certificate without security warnings.
The figure describes how to exchange the UI certificate.
To exchange the UI certificate of a master instance, perform the following steps:
- Within the Administration UI, navigate to Configuration, and then to USER INTERFACE.
- In the UI Certificate section, start a procedure to request certificate signing by choosing the icon Generate a certificate signing request.
- In the Generate CSR window, specify a key size and a Common Name fitting to the Cloud Connector host name. In the Subject Alternative Names section, you can add other values by pressing the Add button. You can, for example, use the DNS option to specify a virtual hostname or a wildcard name (such as *.sap.com).
- Choose Generate.
- You’re prompted to save the certificate signing request (CSR) in a file. The content of the file is the signing request in PEM format.
- The certificate signing request must be provided to a Certificate Authority (CA) - either one within your company or another one you trust. The CA signs the request and the returned response should be stored in a file using the PEM format.
- Select Browse to locate that file and then choose the Import button.
- Restart the Cloud Connector to activate the new certificate.
In the exercise below you will replace the UI certificate of the Cloud Connector.
Now, you’re able to exchange UI certificates.