Managing Certificates

Manage SAP Mobile Platform certificates using Management Cockpit. You can import or delete a certificate, and change its password. Certificates and their passwords are saved in a keystore.


SAP Mobile Platform includes two keystore files, with the same initial password:
  • local_smp_keystore.jks – created and maintained by the product installer; on each cluster node, stores certificates for the local server, from which you access Management Cockpit. These certificates are used for HTTPS connections.

  • smp_keystore.jks – maintained by system administrators; stores trusted certificates and PKCS #12 certificates for technical user back-end connections, and the truststore. This keystore syncs to all servers in a cluster, so you need not import these certificates into each node.

If you update the password for an alias in the keystore, SAP Mobile Platform Server automatically updates all the private-key passwords in that keystore to the same password.


If you upgrade from SP08 or earlier, the contents of the shared keystore (smp_keystore.jks) are duplicated in the local keystore (local_smp_keystore.jks), for backward compatibility. This is necessary when Tomcat connectors were manually configured in the keystore to use private-key aliases other than smp_crt. When the server starts, it loads the certificates from the local keystore and ignores the duplicate entries in the shared keystore.

If you manually configure additional HTTPS listeners in the Tomcat server XML file, you cannot manage the corresponding certificate aliases in Management Cockpit; instead, update local_smp_keystore.jks using the keytool utility.
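The keytool update mentioned above, as an added example that is not part of the SAP documentation: it backs up the local keystore, imports a PKCS #12 key pair, and checks that the listener alias is present as a private-key entry. The alias tomcat_extra, the file paths and the sample listing are assumptions constructed for illustration.

```sh
# Added example (not SAP's own script). Alias, paths and listing are constructed.

# Constructed sample of `keytool -list` output, for trying the check offline.
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 3 entries

smp_crt, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): [omitted]
tomcat_extra, Mar 3, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): [omitted]
backend_ca, Mar 3, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): [omitted]'

# Succeeds if alias $1 is listed as a PrivateKeyEntry in `keytool -list`
# output read from stdin. JKS aliases are case-insensitive; an alias that
# itself contains ", " is not handled.
alias_is_private_key() {
  awk -F', ' -v want="$1" '
    { sub(/,[ \t]*$/, "") }                      # drop the trailing comma
    tolower($1) == tolower(want) && $NF == "PrivateKeyEntry" { found = 1 }
    END { exit !found }'
}

# Import the key pair stored under alias $3 in PKCS #12 file $2 into keystore $1.
# keytool prompts for the keystore passwords, so none lands in argv or history.
# Assumption: the PKCS #12 password matches the password of the keystore's
# other private keys, which the server keeps identical.
import_listener_cert() {
  cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)" || return 1   # keep a rollback copy
  keytool -importkeystore \
    -srckeystore "$2" -srcstoretype PKCS12 -srcalias "$3" \
    -destkeystore "$1" -deststoretype JKS -destalias "$3" || return 1
  keytool -list -keystore "$1" | alias_is_private_key "$3"
}

# Usage (hypothetical paths):
#   import_listener_cert /path/to/local_smp_keystore.jks listener.p12 tomcat_extra
```

The alias check fails for a trustedCertEntry, which catches the case where only the certificate, and not its private key, ended up under the listener's alias.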


  1. In Management Cockpit, select Settings > Certificates.
  2. To import a certificate into the shared keystore (smp_keystore.jks), select Shared Key Store Entries. To import or update certificates in the local keystore, see Updating the Default Certificate for HTTPS Connections.
  3. Click Import, and in the Import Certificate dialog, define:
    • Certificate Type – select the certificate type, PKCS #12 or X.509.

    • Alias – unique name for the certificate.

    • Certificate File – name and location of the certificate file. To select the file, click Browse.

    • (For PKCS #12 certificates) Private Key Password – password for the private key. X.509 certificates are trusted and do not have private keys.

    If you import a certificate with the alias smp_crt, it is ignored.

  4. Click Import.
  5. (Optional) To change the keystore password:
    1. Select a certificate, and click Change Password.
    2. Enter the old password and the new password, and click OK.

      If SAP Mobile Platform is running in a cluster, you must restart each server in the cluster for a password change to take effect. If you change a password in the local keystore, it takes effect immediately.

    All certificates in the keystore now share the new password.
  6. (Optional) To delete a certificate, select the certificate row, and click Delete.