If you try to manage your HANA certificates via SQL you might want to set the “OWN CERTIFICATE” where you come across the following error in your SQL Commandline:

1
2
Could not execute 'ALTER PSE HANA\_X509 SET OWN CERTIFICATE '-----BEGIN RSA PRIVATE KEY----- ...'
SAP DBTech JDBC: [5634]: Certificate definition inconsistent

Looking at the indexserver trace you will find:

1
2
[113263]{213394}[35/-1] 2016-05-24 15:44:56.384001 e Crypto check\_pse\_store.cc(00178) : Trying to add invalid certificate as part of own certificate PEM: exception 1: no.301116 (Crypto/CertAdm/CertStore/CertificateStoreChecker.cpp:83)
 Basic constraints not supported with certificate version!

Stacktrace
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
exception throw location:
 1: 0x00007f85d03166e4 in Crypto::CertificateDefinitionInvalidException::CertificateDefinitionInvalidException(char const\*, char const\*, int)+0x10 at Exception.cpp:240 (libhdbbasement.so)
 2: 0x00007f85d02ebf1b in Crypto::CertAdm::CertificateStoreChecker::checkCreate(ptime::Transaction&, ltt::basic\_string > const&)+0x7d7 at CertificateStoreChecker.cpp:83 (libhdbbasement.so)
 3: 0x00007f85ba4dcaac in ptime::QueryChecker::alter\_pse(ptime::qp\_alter\_pse const\*, ptime::Query::Plan::SecurityContext\*)+0x4c8 at check\_pse\_store.cc:168 (libhdbrskernel.so)
 4: 0x00007f85ba5c0a19 in ptime::QueryChecker::check\_ddl(ptime::qp\_ddl const\*, ptime::Query::Plan::SecurityContext\*)+0x1e85 at query\_check.cc:1966 (libhdbrskernel.so)
 5: 0x00007f85ba5c6d73 in \_ZN5ptime12QueryChecker5checkERNS\_11TransactionEPKcPKNS\_13qp\_parse\_treeEPNS\_21so\_transient\_calcplanEPN7ltt\_adp6vectorIN4expr8typeenum8TypeEnumEN3ltt17integral\_constantIbLb1EEEEEPNS\_7IdTableEPNSB\_INSF\_4pairINS\_15qp\_column\_ref\_tENS\_5fti\_tEEESH\_EEPN13Authorization3SQL12SQLCheckListEbS4\_S4\_PNS\_5Query4Plan16SQLScriptContextEPNSX\_15SecurityContextEPNS\_11ProcCheckerEbPNS\_10SQLWarningEbPbPibb+0x500 at query\_check.cc:333 (libhdbrskernel.so)
 6: 0x00007f85bb7c7391 in ptime::Query::\_check(ptime::qo\_Context\*, ptime::Transaction&, char const\*, ptime::qp\_parse\_tree const\*, char const\*, char const\*, bool, ptime::IdTable\*, ptime::so\_transient\_calcplan\*, ptime::Query::Plan::SQLScriptContext\*, ptime::Query::Plan::SecurityContext\*, unsigned long, bool\*, int\*, bool, bool)+0x1b0 at query.cc:5589 (libhdbrskernel.so)
 7: 0x00007f85bb7bd73b in ptime::Query::compile\_parse\_tree(ptime::Transaction&, char const\*, bool, char const\*, char const\*, void\*, ptime::Query::Plan\*, ptime::ptl::stp\_heap\*, ptime::qo\_Context&, ptime::Query::PlanVizQueryFlag&, ptime::IdTable\*, bool, bool, bool, unsigned long, bool, bool, bool, ptime::qo\_Rel\*\*)+0x5d7 at query.cc:3493 (libhdbrskernel.so)
 8: 0x00007f85bb7c4b18 in ptime::Query::compile(ptime::Transaction&, char const\*, bool, char const\*, char const\*, char const\*, ptime::Query::PlanHandle&, ptime::IdTable\*, bool, bool, bool, bool, unsigned long\*, ptime::qo\_Context\*, bool, char const\*, bool, ltt\_adp::basic\_string, ltt::integral\_constant > const\*, bool, bool, bool, ptime::qo\_Rel\*\*, bool, bool)+0x1204 at query.cc:1380 (libhdbrskernel.so)
 9: 0x00007f85bb80dfec in ptime::Query::PlanCache::compile\_(ptime::Transaction&, char const\*, char const\*, bool, char const\*, ptime::Query::PlanHandle&, unsigned long\*, ptime::Query::Plan::CustomPlanInfo const&, bool)+0x298 at query\_cache.cc:920 (libhdbrskernel.so)
10: 0x00007f85bb818231 in ptime::Query::PlanCache::compile\_and\_insert\_(ptime::Transaction&, char const\*, char const\*, bool, char const\*, ptime::Query::PlanHandle&, ptime::Query::Plan::CustomPlanInfo const&, bool)+0x140 at query\_cache.cc:578 (libhdbrskernel.so)
11: 0x00007f85bb81a37a in ptime::Query::PlanCache::lookup\_or\_compile\_(ptime::Transaction&, char const\*, char const\*, bool, char const\*, ptime::Query::PlanHandle&, bool)+0x696 at query\_cache.cc:478 (libhdbrskernel.so)
12: 0x00007f85bb81b080 in ptime::Query::PlanCache::lookup\_or\_compile(ptime::Transaction&, char const\*, char const\*, bool, char const\*, ptime::Query::PlanHandle&, bool)+0xb0 at smartptr\_handle.hpp:349 (libhdbrskernel.so)
13: 0x00007f85bbb577ba in ptime::Statement::lookupOrCompileCode\_()+0x116 at Statement.cc:891 (libhdbrskernel.so)
14: 0x00007f85bbb625cd in ptime::Statement::compile\_(Execution::Context&, char const\*, bool, bool, bool)+0x749 at Statement.cc:1009 (libhdbrskernel.so)
15: 0x00007f85bbafc607 in ptime::PreparedStatement::compile\_(Execution::Context&, char const\*, bool, bool, bool)+0x93 at PreparedStatement.cc:404 (libhdbrskernel.so)
16: 0x00007f85bba59ad6 in ptime::Connection::prepareStatement(Execution::Context&, ptime::SubTransaction\*, char const\*, char const\*, char const\*, int, int, bool, bool, bool, int, bool)+0x422 at Connection.cc:2373 (libhdbrskernel.so)
17: 0x00007f85bba471f4 in ptime::Connection::prepareStatement(ptime::SubTransaction\*, char const\*, char const\*, char const\*, int, int, bool, bool, bool, int, bool)+0xe0 at Connection.cc:2149 (libhdbrskernel.so)
18: 0x00007f85bba46337 in ptime::Connection::prepareStatement(ptime::SubTransaction\*, char const\*, bool, bool, int, bool)+0x43 at Connection.cc:2091 (libhdbrskernel.so)
19: 0x00007f85bba46376 in ptime::Connection::prepareStatement(char const\*, bool, bool, int, bool)+0x22 at Connection.cc:2081 (libhdbrskernel.so)
20: 0x00007f85bec80495 in ptime::SessionCodecNewdb::deCreateQidPrepared(Execution::Context&, Communication::Protocol::RequestPacket&)+0x4b1 at sm\_codec\_newdb.cc:1756 (libhdbsqlsession.so)
21: 0x00007f85bec80e60 in ptime::SessionCodecNewdb::dVendorMessage(Execution::Context&, ptime::orawstream&)+0x370 at sm\_codec\_newdb.cc:669 (libhdbsqlsession.so)
22: 0x00007f85bec434e9 in ptime::SessionCodec::decodeMessage(Execution::Context&, ptime::orawstream&)+0x45 at sm\_codec.cc:250 (libhdbsqlsession.so)
23: 0x00007f85becac2b6 in ptime::SessionHandler::doDecodeMessage\_(ptime::CommEventObjects&)+0x42 at sm\_handler.cc:1239 (libhdbsqlsession.so)
24: 0x00007f85becb286b in ptime::SessionHandler::receiveMessage(Execution::Context&, ptime::CommEvent\*)+0x3c7 at sm\_handler.cc:1513 (libhdbsqlsession.so)

The versions that i tried were 102.3, 102.4 and 102.5 where this occurred. After an Upgrade to 102.6 or to 112.2 or 112.0 this is solved. Confirmed by the release note 2290067 - SAP HANA SPS 10 Database Maintenance Revision 102.06:

Fixed a bug that causes the CREATE CERTIFICATE FROM ‘…’ statement to fail with “SAP DBTech JDBC: [5634]: Certificate definition inconsistent when used with certain types of certificates.” error message.