Administrator

Configure Secure Access to SAP Gateway with X.509 Certificates

Use single sign-on and X.509 certificates to configure secure communications between SAP Mobile Platform applications that are running on mobile devices and SAP Gateway systems.

To configure security, you need:
  • Access to SAP Service Marketplace. To request a user ID, navigate to SAP Service MarketplaceInformation published on SAP site.

  • A tool to create certificates, such as OpenSSH, or a Certificate Authority. You can download OpenSSH for Windows from: SourceForge.NetInformation published on non-SAP site.

  • A Chrome Web browser.

  • A Google account.

  • The Postman REST Client. In Chrome, navigate to the: Chrome Web StoreInformation published on non-SAP site, search for "postman rest client" and download Postman.

NoteThe following image contains links to more information.
Create an application that connects to the SAP Gateway RMTSAMPLEFLIGHT service, which is included with Gateway. Create a self-signed certificate authority (CA), or use an existing one. If you use your own CA, you will need the CA certificate later. Create an end-user certificate to reside on the mobile device. Each user must have a unique certificate. Test that the application you created can connect to the SAP Gateway system. Enable single sign-on (SSO) to your SAP Gateway system. Import the back-end SSL certificate, the self-signed root certificate, and the technical-user certificate into the SAP Mobile Platform shared keystore. Create a self-signed certificate authority (CA), or use an existing one. If you use your own CA, you will need the CA certificate later. Create a security profile, and configure it to use an X.509 authentication provider. Obtain an SAP Gateway SSL certificate so you can connect to the Gateway service via HTTPS.
Securing communication between mobile applications and SAP Gateway requires you to perform the following configuration tasks on the server machine and the Gateway system.
Server-Side Tasks SAP Gateway Tasks
Create a Self-Signed Root Certificate Authority Enable SSO on a Gateway system
Create a Technical-User Certificate Create Gateway User Accounts
Create an End-User Certificate Import the Root CA into Gateway
Import End-User Certificates Map User Certificates in Gateway
Obtain an SSL Certificate Activate and Test a Gateway Service
Import X.509 Certificates into the Server Keystore  
Create a Security Profile with X.509 Authentication  
Configure an Application to use X.509 and Gateway  
Test an Application Connection to Gateway  

Perform the tasks in the following order: