Authentication Certificates

By default, the self-signed certificate AgentryServer.pfx is installed in the Agentry Server’s application directory with the SAP Mobile Platform installation. The certificate file AgentryTrustedCertificates.sst is installed on the Agentry Clients. This default certificate directs the Agentry Server to use the Microsoft Enhanced Cryptographic Provider.

The Microsoft Enhanced Cryptographic Provider uses the RSA cipher algorithm for key exchange with a default key length of 1024 bits. It uses RC4 for its stream encryption algorithm with a default key length of 128 bits.

If the attached Agentry Client does not support the enhanced key lengths, the Enhanced Cryptographic Provider can support the Microsoft Base Cryptographic Provider.

You can increase or decrease the key lengths in the Agentry.ini file.

Increasing the minimums can lock out any client devices that do not support the required key length.

The default security settings on the Agentry Server and Agentry Clients are designed to meet the requirements of most implementations. However, Agentry supports other cryptographic providers if greater security is necessary. To use another cryptographic provider, Agentry requires an Agentry Server certificate from a certificate authority.

The Agentry Client supports Agentry Server authentication. This allows the Agentry Client to authenticate the Agentry Server. To enable this feature, Agentry requires a server certificate from a certificate authority. SAP does not provide this certificate.

The Agentry Server supports Agentry Client authentication. This allows the Agentry Server to authenticate each Agentry Client. To enable this feature, Agentry requires certificates for each of the Agentry Clients from a certificate authority. SAP does not provide these certificates.

Authentication Certificate Creation for Agentry

By default, the self-signed certificate AgentryServer.pfx is installed in the Agentry Server’s application directory within the SAP Mobile Platform installation and the certificate file, AgentryTrustedCertificates.sst, is installed on the Agentry Clients. You can create your own self-signed certificate to replace these default certificates.

Note: The PFX file on the Agentry Server can be named any unique name. The SST file on the Agentry Client, however, must be named AgentryTrustedCertificates.sst.
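
Before replacing the default files, it helps to confirm what the server PFX actually contains and whether the client trust file matches it. The PowerShell function below is an added example, not SAP's or Agentry's own code; the function name, the file locations, the PFX password prompt and the 2048-bit threshold are assumptions.

```powershell
# Added example (not from SAP): inspect the Agentry server PFX and compare it
# with the client trust file. Paths and the 2048-bit threshold are assumptions.
function Test-AgentryCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,            # server certificate, e.g. AgentryServer.pfx
        [Parameter(Mandatory)][securestring]$PfxPassword,  # password protecting the PFX
        [string]$SstPath,                                  # copy of AgentryTrustedCertificates.sst
        [int]$MinRsaBits = 2048                            # assumed policy minimum, not a value from the page
    )

    # Read the PFX contents without installing anything into a certificate store.
    $server = (Get-PfxData -FilePath $PfxPath -Password $PfxPassword).EndEntityCertificates

    # Collect the thumbprints held in the client file (SST = serialized certificate store).
    $trusted = @()
    if ($SstPath) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
        $store.Import((Resolve-Path $SstPath).Path)
        $trusted = @($store | ForEach-Object { $_.Thumbprint })
    }

    foreach ($cert in $server) {
        # GetRSAPublicKey returns $null when the certificate does not carry an RSA key.
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $bits = if ($rsa) { $rsa.KeySize } else { $null }

        [pscustomobject]@{
            Subject       = $cert.Subject
            # Subject equal to Issuer is a quick self-signed indicator, not a signature check.
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            RsaBits       = $bits
            BelowMinimum  = ($null -ne $bits -and $bits -lt $MinRsaBits)
            SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
            Expired       = ($cert.NotAfter -lt (Get-Date))
            # $false is expected when the SST holds the issuing CA rather than the server certificate.
            InClientTrust = if ($SstPath) { $trusted -contains $cert.Thumbprint } else { $null }
        }
    }
}

# Example call against local copies of both files.
Test-AgentryCertificate -PfxPath .\AgentryServer.pfx `
    -PfxPassword (Read-Host 'PFX password' -AsSecureString) `
    -SstPath .\AgentryTrustedCertificates.sst
```

A result with BelowMinimum set to True, or with SelfSigned set to True and InClientTrust set to False, is the case to resolve before distributing the files to client devices.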