Early Access: The content on this website is provided for informational purposes only in connection with pre-General Availability Qlik Products.
All content is subject to change and is provided without warranty.
Skip to main content Skip to complementary content
Qlik Resources
Search
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

Prerequisites

This topic describes the prerequisites that must be fulfilled before using the SAP HANA target endpoint in a replication task.

Drivers

Information noteReplicate has been certified to work with SAP HANA ODBC 64-bit Driver 2.2, which can be downloaded from the SAP Service Marketplace. As SAP HANA ODBC Driver versions are constantly being released, it is not possible to certify compatibility with every version. We therefore recommend working with the certified version, even though later versions might also work without any issues.

Windows

Install the SAP HANA ODBC 64-bit Driver for Windows on the Replicate Server machine. The driver name is HDBODBC.

Linux

Download the SAP HANA ODBC 64-bit Driver from the SAP Software Download Center. You must have an account with SAP to download the software.

Example driver name: HDBODBC

Then, open a shell prompt and do the following:

  1. Stop the Replicate service and optionally confirm that it has stopped as described in Replicate server procedures.

  2. Install the SAP HANA ODBC 64-bit Driver for Linux on the Replicate machine.

  3. Add the following section to the odbcinst.ini file located in directory /etc:

    [HDBODBC]

    Description=64-bit HANA ODBC Driver

    Driver=/opt/sap/hdbclient/libodbcHDB.so

    fileUsage=1

  4. Start the Replicate service and optionally confirm that it has started as described in Replicate server procedures.

SSL prerequisites

This section describes the prerequisites for using the Enable SSL option in the SAP HANA endpoint's General tab. The Enable SSL option allows you to connect to SAP HANA using SSL.

What you need

  • An exported certificate (.crt) of the SAP server. Export the certificate as follows:
    1. Log into the SAP system.
    2. Run STRUST transaction.
    3. Select SNC SAPCryptolib.
    4. Select the subject under Own Certificate.
    5. Click the Display > Change option, and select Export certificate.
    6. From the Certificate section, choose the type and save the file.
  • SAPCAR.EXE
  • SAP user (authorized customer)
  • The version of CommonCryptoLib for Windows (sapcrypto.dll) or Linux (libsapcrypto.so) which is installed on the corresponding SAP server.

The procedure

  1. Create aSEC folder according to the OS on which Replicate is installed:

    Windows

    Create the SEC folder anywhere on the file system.

    Linux

    Create a folder named sec under the attunity user, for example: /home/attunity/sec

  2. Copy the exported server certificate and SAPCAR.EXE to your sec folder.
  3. Go to https://support.sap.com/en/my-support/software-downloads.html and search for SAPCRYPTOLIB under Installations & Upgrades. Download the 64-bit .SAR to your sec folder.

  4. Open a command prompt and change the working directory to your sec folder. Then run the following command to unpack the content of the .SAR file to your sec folder:

    sapcar -xvf LibName.sar

    Example:

    sapcar -xvf SAPCRYPTOLIBP_8541-20011731_32.SAR

    Warning noteMake sure to rename the SAPCAR.EXE to sapcar.

  5. Determine the <PSE_File_Name> and choose a <PSE_PIN> to protect it. You will need to provide this information in the next steps.

    Example:

    pseName: sapcli.pse password: password123

  6. Determine the Distiguished Name (DN) for the server. It should look something like this:

    The Distinguished Name consists of the following elements:

    • CN = Common_Name
    • OU = Organizational_Unit
    • O = Organization

    • C = Country

    Tip note

    For a HANA server where ABC is defined as the Common Name, Test as the Organizational Unit, MyCompany as the Organization, and DE (Germany) as the country, the Distinguished Name would be:

    CN=ABC, OU=Test, O=MyCompany, C=DE

  7. Make sure you have the required permissions to access and execute the files in the SECUDIR folder, and then run the following command to generate the PSE file:

    sapgenpse get_pse -p <PSE_File_Name>.pse -x <PSE_PIN> <SNC_NAME>

    Example:

    sapgenpse get_pse -p usr.pse -x password123 "CN=USR,OU=SAP,O=Qlik,C=IS"

  8. Bind the PSE file with the OS user and create the CRED_V2 file in SEC folder as follows:
    1. Make a note of the OS user under which Replicate is running:
      • Windows: Open the Services console and double-click the Qlik Replicate Server service to open the properties dialog. Look in the Log On tab.
      • Linux: Run the ps aux command.

    2. Run the following command:

      sapgenpse seclogin -p <PSE_File_Name>.pse -x <PSE_PIN> -O <OS_USER>

      Example:

      sapgenpse seclogin -p usr.pse -x password123 -O SYSTEM

  9. Generate the CRT file by executing the following command:

    sapgenpse export_own_cert -o <PSE_File_Name>.crt -p <PSE_File_Name>.pse -x <PSE_PIN>

    Example:

    sapgenpse export_own_cert -o usr.crt -p usr.pse -x password123

  10. Import the SAP HANA server certificate (<SERVER_CRT>) to the PSE by executing the following command:

    sapgenpse maintain_pk -a <SERVER_CRT>.crt -p <PSE_File_Name>.pse -x <PSE_PIN>

    Example:

    sapgenpse maintain_pk -a sapsys.crt -p usr.pse -x password123

  11. To verify that the DN of the SAP HANA server's PSE was imported into the client, run the following command and then check the "subject" value:

    sapgenpse maintain_pk -v -l -p <PSE_File_Name>.pse

    Example:

    sapgenpse maintain_pk -v -l -p sapcli.pse

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here