To configure SSL communication between the SAP Web Dispatcher, SAP Mobile Platform Server, and the Fiori front-end server, you have to establish trust between the components.
SAP Mobile Platform Server uses a single keystore file, located at <SMP_HOME>\Server\configuration\smp_keystore.jks
.
You can make changes to the keystore using the keytool utility located in <SMP_HOME>\sapjvm_7\bin
.
The keystore password is the same as the one you provided during the SAP Mobile Platform installation.
Recommendation
Make a backup copy of the keystore file before making any changes.
Task | Description |
---|---|
Replace the default self-signed certificate with a CA-signed certificate. | |
Configuring SAP Mobile Platform Server to Trust SAP Web Dispatcher | Map the Impersonator role to the subjectDN of the SAP Web Dispatcher client PSE. |
Configuring SAP Mobile Platform Server to Trust the Fiori Front-End Server | Import the CA certificate used to sign the Fiori front-end server certificate into the SAP Mobile Platform keystore. |
Enabling Mutual SSL Authentication with the Fiori Front-End Server | Create a technical user certificate to be used for mutual SSL between SAP Mobile Platform Server and the Fiori front-end server. |
Enabling Principal Propagation to the Fiori Front-End Server | In principal propagation, temporary X.509 user certificates are generated at runtime to enable user principals and credentials to be forwarded from SAP Mobile Platform Server to the back end. Generate a signing certificate for these temporary certificates. |