Show TOC

Creating an End-User CertificateLocate this document in the navigation structure

Create an end-user certificate to reside on the mobile device. Each user must have a unique certificate.


On the Windows machine where SAP Mobile Platform is installed, download OpenSSH or another tool that supports Linux commands. Run the commands using an account for which you have Administrator privileges.


  1. Create the client key and a certificate-signing request (CSR):
    1. In a Linux command window, run:
      “openssl genrsa -des3 -out ssodemo.key 1024”
      “openssl req -new -key ssodemo.key -out ssodemo.csr”
    2. Set the common name to “ssodemo” and enter the other values requested by openssl.
    3. Run:
      “openssl x509 -req -days 365 -in ssodemo.csr -CA Root_CA.crt -CAkey Root_CA.key -set_serial 01 -out ssodemo.crt”
  2. Convert the client key to PKCS, and merge the certificate and the private key into a single file:
    “openssl pkcs12 -export -clcerts -in ssodemo.crt -inkey ssodemo.key -out ssodemo.p12”