Securing Your SAP Business One Infrastructure with SSL Certificates

Richard Duffy
Richard Duffy in SAP Business One, Cybersecurity Week October 27, 2017

Because of my experience and profile within the SAP Business One ecosytem (and now ONE.Source | The ASUG Community for SAP Buiness One), I get a lot of inbound questions about issues that people encounter with their deployments.

Some of the most common questions relate back to the deployment of SAP Business One components such as the Web Client, the Cloud Control Center, and the web-based admin consoles that are now an integral part of all things SAP Business One (and are enhanced in SAP Business One Version 9.3).

Enhancements in Version 9.3

As ASUG Cybersecurity Week wraps up, here are a few recommendations based on frequently asked questions I receive about securing SAP Business One. (By the way, if you missed any of ASUG Cybersecurity week, you can still access the webcast series on demand).

Acronym Soup: What's an FQDN and Why Do You Need One?

By far, the strongest recommendation I have if you are deploying SAP Business One these days is to make sure that you start using Fully Qualified Domain Names (FQDNs) for all your servers. I also recommend you get a wildcard SSL Certificate for your domain name to secure all the web components in your deployments. That way you can easily map the servers to public IP addresses and, using an internal DNS Server map, the same FQDN's to internal non-routable IP addresses.

fully qualified domain name is the complete domain name for a specific computer, or host, on the internet. The FQDN consists of two parts: the hostname and the domain name. For example, an FQDN for a hypothetical SAP HANA server might be hana.smbsolutions.com.au

Don't mess around with the self-signed certificates that SAP Business One components install with B1i, the Cloud Control Center, and other components: you will go crazy, and your users will get freaked out with all the site insecure warning messages they'll get if these aren't installed and propagated out correctly.

Yes, wildcard SSL certificates are more expensiv; but with one certificate, you can effectively secure any and all components of the deployment from SQL Server to SAP HANA, from Remote Desktop Protocol(RDP)-based services to the B1i Admin console.

In computer networking, a  wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. The principal use is for securing web sites with HTTPS, but there are also applications in many other fields.

I always do this and I have to tell you, I never run into issues running or accessing my SAP Business One deployments.

Let's Encrypt – Free SSL Certificates

If budget is an issue, you can also access free SSL Wildcard certificates from Let's Encrypt starting January 2018. Current Let's Encrypt certificates expire every 90 days, so I find them too much work; but if you don't mind the extra work, this could be a cost-effective solution for you. Learn more about Let's Encrypt on their website.

Have a Question about Security SAP Business One?

This discussion need not end with the conclusion of ASUG Cybersecurity week. You can ask your questions in the Q&A section of our ONE.Source Community forum or in our Facebook group. These forums are just getting started, but I will be moderating both to help you find answers and to crowdsource hot topics from within our community. 

Learn About ONE.Source
The ASUG Community for SAP Business One