Show TOC

Certificates and KeysLocate this document in the navigation structure

The SAP Mobile Platform shared keystore and truststore manage certificates, and private and public keys.

Keystore

A keystore contains security certificates and their associated private keys. SAP Mobile Platform uses certificates to identify itself to:

  • Clients – with the server certificate.

  • Back-end systems – with technical-user certificates.

A keystore also contains public certificates of trusted entities, typically the CA signing certificates of the back-end systems to which it connects, and the certificate used to sign client certificates.

SAP Mobile Platform includes two keystore files, with the same initial password:

  • local_smp_keystore.jks – created and maintained by the product installer; on each cluster node, stores certificates for the local server, from which you access Management Cockpit. These certificates are used for HTTPS connections.

  • smp_keystore.jks – maintained by system administrators; stores trusted certificates and PKCS #12 certificates for technical user back-end connections, and the truststore. This keystore syncs to all servers in a cluster, so you need not import these certificates into each node.

Truststore

The truststore contains certificates from both external parties and certificate authorities trusted to identify other parties. In SAP Mobile Platform, the truststore is stored in the smp_keystore.jks file.

Administrators can make changes to both keystore files using Management Cockpit.

Note

If SAP Mobile Platform is running in a cluster, you must restart each server in the cluster for a password change to take effect. If you change a password in the local keystore, it takes effect immediately.


    Managing Certificates
    Manage SAP Mobile Platform certificates using Management Cockpit. You can import or delete a certificate, and change its password. Certificates and their passwords are saved in a keystore.
    Generating Certificates and Keys
    Use a PKI system and a trusted CA to generate production-ready certificates and keys that encrypt communication between different SAP Mobile Platform components. Use Management Cockpit to import certificates to, and export certificates from, the keystore.
    Certificate Alias and HTTPS Connections
    A certificate alias is the name given to a certificate in the SAP Mobile Platform keystore. The alias identifies a specific certificate to use when making an HTTPS connection to a URL. Each entry in a keystore has an alias to help identify it.
    Updating the Default Certificate for HTTPS Connections
    SAP Mobile Platform Server includes a default self-signed certificate. You must replace this default certificate with a production-ready certificate after you install SAP Mobile Platform. SAP recommends that you maintain the existing certificate alias when importing new certificates. Then, when you replace the default certificate with a new production certificate, you update the certificate for all listeners simultaneously.
    Keytool Utility
    keytool is a JDK utility that manages a keystore (database) of private keys and associated certificates, as well as certificates from trusted entities.

Parent topic: Configuring Security in SAP Mobile Platform

Previous: Role Mapping

Next: Configuring Strong Encryption for JVM Security
Related Information