Administrator

Enabling a Direct HTTPS Connection to SAP Mobile Platform Server

SAP Mobile Platform includes two HTTPS listeners that clients can use to communicate directly with the SAP Mobile Platform Server HTTPS port. With the one-way HTTPS listener, the server presents its certificate to the client; with the two-way HTTPS listener, the client must also send its certificate to the server for mutual authentication.

Context

Both listeners use the server certificate identified by the smp_crt alias in the local keystore. The SAP Mobile Platform installation process creates this self-signed certificate. Most clients and servers do not trust a self-signed certificate, so SAP recommends that you use a trusted CA to sign a replacement certificate for the server.

Use Management Cockpit to import the signed certificate into the local keystore; use the alias smp_crt.

The summary steps for enabling a direct HTTPS connection to SAP Mobile Platform Server are:

Procedure

  1. Obtain a valid signed server certificate for your SAP Mobile Platform Server.
  2. Import the certificate into the local keystore file, local_smp_keystore.jks, using the smp_crt alias. See Updating the Default Certificate for HTTPS Connections.
  3. Import the CA signing certificate used to sign client certificates into the shared keystore file smp_keystore.jks as a trusted CA certificate, so that SAP Mobile Platform can validate client certificates.
  4. Add the X.509 User Certificate provider to the security profile assigned to your application.
  5. Restart the server to pick up the new certificate.
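A check you can run before the restart in step 5, to confirm that the smp_crt alias now holds a CA-signed key entry rather than the installer's self-signed certificate. This is an added example, not part of the SAP documentation; it assumes English `keytool -list -v` output, and the keystore path and sample certificate names are constructed placeholders.

```shell
#!/bin/sh
# Classify the smp_crt entry from `keytool -list -v` output read on stdin.
# Prints one of: missing | not-a-key-entry | self-signed | ca-signed
# Real use (path is a placeholder for your installation):
#   keytool -list -v -keystore /path/to/local_smp_keystore.jks -alias smp_crt | classify_smp_crt
classify_smp_crt() {
    awk '
        /^Alias name: /  { in_alias = ($3 == "smp_crt"); next }
        !in_alias        { next }
        /^Entry type: /  { type = $3 }
        # Only the first Owner/Issuer pair belongs to the server (leaf) certificate.
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (type == "")                     print "missing"
            # A trustedCertEntry means the certificate was imported without its private key.
            else if (type != "PrivateKeyEntry") print "not-a-key-entry"
            else if (owner == issuer)           print "self-signed"
            else                                print "ca-signed"
        }'
}

# Constructed sample: the state right after installation (self-signed).
SAMPLE_SELF_SIGNED='Alias name: smp_crt
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=smp.example.test, O=Example
Issuer: CN=smp.example.test, O=Example'

# Constructed sample: the state after importing a CA-signed replacement.
SAMPLE_CA_SIGNED='Alias name: smp_crt
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=smp.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example'

# Constructed sample: certificate imported under the alias without a private key.
SAMPLE_CERT_ONLY='Alias name: smp_crt
Entry type: trustedCertEntry
Owner: CN=smp.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example'

printf '%s\n' "$SAMPLE_SELF_SIGNED" | classify_smp_crt
printf '%s\n' "$SAMPLE_CA_SIGNED"   | classify_smp_crt
```

Anything other than `ca-signed` means the listeners would still present a certificate that clients will not trust, or would have no usable key for the alias.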