Support Trust Store certificates of Destination service


An internal user who uses CAP wants to inject the server certificate from S/4HANA, which currently fails with the following error:

[cds] - Error: Error during request to remote service: self signed certificate

We are clarifying if/how to configure the necessary certificate in CAP or if this is something the SAP Cloud SDK could pick up automatically from the destination.

Link to internal issue: https://github.wdf.sap.corp/cap/issues/issues/9605

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
FrankEssenberger commented, Apr 22, 2022

@gregorwolf

So we finally started working on it and I did some research. I will give some ideas here to provide some more context. If the server uses a self-signed cert, the clients will not trust it. In such a case you can:

  • Enable trust all -> this is risky and you should not do it, even in internal or test cases. Man-in-the-middle attacks and somehow dangerous code can end up in production.
  • Include the self-signed CA via the `NODE_EXTRA_CA_CERTS` env variable. The node client will pick it up.
  • Include the self-signed CA via the agent property in your code.

We will implement the last one in the SDK and take the value from the destination property `TrustStoreLocation`. In the first version we will not support jks files like for two-way TLS, only the natively supported formats in node, which is pem in this case. However, once done you should be able to use the SDK with self-signed certificates if you add them to the destination.

Best Frank
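
The third option from the comment above (a CA passed through the agent), as an added Node.js example that is not part of the original thread and not the SAP Cloud SDK's code; the function names and the sample certificate are constructed for illustration. It appends the extra CA to Node's bundled roots, because setting `ca` on its own replaces them, and it leaves certificate verification switched on.

```javascript
const https = require('node:https');
const tls = require('node:tls');

// One PEM-encoded certificate block.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
// Java keystore (JKS) files start with these four bytes.
const JKS_MAGIC = Buffer.from([0xfe, 0xed, 0xfe, 0xed]);

// Returns every PEM certificate found in the trust store content.
// Throws for JKS input or for content that holds no PEM certificate.
function extractPemCertificates(content) {
  const buf = Buffer.isBuffer(content) ? content : Buffer.from(String(content), 'utf8');
  if (buf.subarray(0, 4).equals(JKS_MAGIC)) {
    throw new Error('JKS trust store is not supported here, convert it to PEM');
  }
  const certs = buf.toString('utf8').match(PEM_CERT);
  if (!certs) {
    throw new Error('no PEM certificate found in trust store content');
  }
  return certs;
}

// Builds an agent that trusts Node's default roots plus the given CA(s).
// rejectUnauthorized stays true: this is the opposite of "trust all".
function trustStoreAgent(content) {
  const extra = extractPemCertificates(content);
  return new https.Agent({
    ca: [...tls.rootCertificates, ...extra],
    rejectUnauthorized: true,
  });
}

// Constructed sample with PEM framing only; not a real certificate.
const SAMPLE_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==',
  '-----END CERTIFICATE-----',
].join('\n');

// Typical use (hypothetical path and host):
//   const agent = trustStoreAgent(require('node:fs').readFileSync('ca.pem'));
//   https.get('https://s4.example.internal/', { agent }, (res) => { ... });
```

The agent does not parse the certificate until a connection is made, so a malformed PEM body only surfaces as an error on the first request.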

0 reactions
FrankEssenberger commented, Jun 7, 2022

Here also the link to the documentation.
