Administrator

Creating the Keystore for Data Encryption

For credit card payments, the default Mobiliser configuration uses asymmetric encryption to secure credit card and bank account information in the front end, and a dummy payment handler implementation in the back end to decrypt credit card payments.

Context

Execute all operations as the sybase user and be sure to note all passwords for later reference.

Procedure

  1. Log in to SAP Mobile Platform Server.
  2. Create a new directory:
    mkdir -p <SMP_HOME>\Server\configuration\com.sap.mobile.platform.server.mobiliser.core\keys
  3. Change to the new directory:
    cd <SMP_HOME>\Server\configuration\com.sap.mobile.platform.server.mobiliser.core\keys
  4. Generate a new keystore and key and modify the dname parameters as required:
    keytool -genkey -validity 7305 -keystore mobiliser.jks -alias mobiliser_card -keysize 2048 -storepass changeit -keypass changeit -keyalg RSA -dname "CN=Mobiliser Platform, OU=System, O=Sybase, L=Raunheim, S=Hessen, C=DE"
  5. Export the mobiliser_card public key using the keystore password entered in step 4:
    keytool -export -alias mobiliser_card -file mobiliser_card.crt -keystore mobiliser.jks
  6. Import the mobiliser_card certificate in the new keystore and change the keystore password:
    keytool -import -alias mobiliser_card -file mobiliser_card.crt -keystore mobiliser_pub.jks -storepass changeit
  7. Generate a new key in the same keystore generated in step 4:
    keytool -genkey -validity 7305 -keystore mobiliser.jks -alias mobiliser_bank -keysize 2048 -storepass changeit -keypass changeit -keyalg RSA -dname "CN=Mobiliser Platform, OU=System, O=Sybase, L=Raunheim, S=Hessen, C=DE"
  8. Export the mobiliser_bank public key using the keystore password entered in step 4.
    keytool -export -alias mobiliser_bank -file mobiliser_bank.crt -keystore mobiliser.jks
  9. Import the mobiliser_bank certificate into the keystore using the same keystore password entered in step 6:
    keytool -import -alias mobiliser_bank -file mobiliser_bank.crt -keystore mobiliser_pub.jks –storepass changeit
  10. Generate a new key into the same keystore entered in step 4:
    keytool -genkey -validity 7305 -keystore mobiliser.jks -alias mobiliser_odc_se_ks -keysize 2048 -storepass changeit -keypass changeit -keyalg RSA -dname "CN=Mobiliser Platform, OU=System, O=Sybase, L=Raunheim, S=Hessen, C=DE"
  11. Export the mobiliser_odc_se_ks public key using the password entered in step 4:
    keytool -export -alias mobiliser_odc_se_ks -file mobiliser_odc.crt -keystore mobiliser.jks
  12. Import the mobiliser_odc_se_ks certificate into the keystore using the same keystore password entered in step 6:
    keytool -import -alias mobiliser_odc_se_ks -file mobiliser_odc.crt -keystore mobiliser_pub.jks –storepass changeit
  13. Generate another key into the same keystore created in step 4:
    keytool -genkey -validity 7305 -keystore mobiliser.jks -alias mobiliser_odc_signing -keysize 1024 -storepass changeit -keypass changeit -keyalg RSA -dname "CN=Mobiliser Platform, OU=System, O=Sybase, L=Raunheim, S=Hessen, C=DE"
  14. Export the mobiliser_odc_signing public key using the password entered in step 4:
    keytool -export -alias mobiliser_odc_signing -file mobiliser_odc.crt -keystore mobiliser.jks
  15. Import the mobiliser_odc_signing certificate into the keystore using the same keystore password entered in step 6:
    keytool -import -alias mobiliser_odc_signing -file mobiliser_odc.crt -keystore mobiliser_pub.jks –storepass changeit
  16. Change the access privileges for the keystore that contains the keys:
    chmod 0600 mobiliser.jks

Next Steps

The public keys are loaded from the Web portals via a Web service call. Therefore, you must use the Operations Dashboard to configure passwords.