Administrator

Managing Certificates

Manage SAP Mobile Platform certificates using Management Cockpit. You can import or delete a certificate, and change its password. Certificates and their passwords are saved in a keystore.

Context

SAP Mobile Platform includes two keystore files, with the same initial password:
  • local_smp_keystore.jks – created and maintained by the product installer; on each cluster node, stores certificates for the local server, from which you access Management Cockpit. These certificates are used for HTTPS connections.

  • smp_keystore.jks – maintained by system administrators; stores trusted certificates and PKCS #12 certificates for technical user back-end connections, and the truststore. This keystore syncs to all servers in a cluster, so you need not import these certificates into each node.

If you update the password for an alias in a keystore, the server automatically updates all the private-key passwords in that keystore to the same password.

If you manually configure additional HTTPS listeners in the Tomcat server XML file, you cannot manage the corresponding certificate aliases using Management Cockpit; instead, update local_smp_keystore.jks using the keytool utility.

Procedure

  1. In Management Cockpit, select Start of the navigation path Settings Next navigation step Certificates End of the navigation path.
  2. To import a certificate into the keystore that is shared by all servers in the cluster, select Shared Keystore Entries. To import or update certificates in the local keystore, see Updating the Default Certificate for HTTPS Connections.
  3. Click the Import icon , and in the Import Certificate dialog, define:
    • Certificate Type – select the certificate type, PKCS #12 or X.509.

    • Alias – unique name for the certificate.

    • Certificate File – name and location of the certificate file. To select the file, click Browse.

    • (For PKCS #12 certificates) Private Key Password – password for the private key. X.509 certificates are trusted and do not have private keys.

    If you import a certificate with the alias smp_crt, it is ignored.

  4. Click Import.

    The icons in the Valid column indicate whether the certificate is valid , or invalid .

  5. (Optional) To change the keystore password:
    1. Click Change Password.
    2. Enter the old password, the new password twice, and click OK.

    All certificates in the keystore now share the new password.

  6. (Optional) To delete a certificate, select its Start of the navigation path  Next navigation step Delete End of the navigation path menu option.