Enabling and Configuring Administration Encryption for SAP Mobile Server

Enable encryption to securely transfer data between the SAP Mobile Server administration listener and SAP Control Center.

You can create or change a security profile that saves SSL setup data for a particular server instance. Using the security profile, you associate a specific key with the encrypted port.

  1. In the left navigation pane, expand the Servers folder and select a server.
  2. Select Server Configuration.
  3. In the right administration pane, click General.
  4. Optional. If you want to create a new security profile, select SSL Configuration.
  5. In the Configure security profile table:
    1. Enter a name for the security profile.
    2. Enter a certificate alias. This is the alias of a key entry in the keystore. Make sure the key password of this key entry is the same as the keystore password.
    3. Select an authentication level:
      If the security profile authenticates only the server, then only the server must provide a certificate to be accepted or rejected by the client. If the security profile authenticates both the client and the server, then the client is also required to authenticate using a certificate; both the client and server will provide a digital certificate to be accepted or rejected by the other.
      Authentication Type Authenticates Cipher suite(s)
      intl server
      • SA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      intl_mutual client/server
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      strong server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      strong_mutual client/server

      For example, this is the required option for mutual authentication of SAP Mobile Platform and Gateway.
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      domestic server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • TLS_RSA_WITH_NULL_MD5
      • TLS_RSA_WITH_NULL_SHA
      domestic_mutual client/server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • RSA_WITH_NULL_MD5
      • RSA_WITH_NULL_SHA
  6. Use IIOPS in the Communication Ports sub-tab by selecting Secure Management Port (port 2001), and ensure that SAP Control Center's Managed Resource properties match. By default, IIOPS is already configured between SAP Mobile Server and SAP Control Center.
  7. Select the correct security profile name that provides the details for locating the correct certificates.
  8. Save the changes and restart the server.
Parent topic: Preparing SSL for HTTPS Listeners
Previous topic: Changing Installed Certificates Used for SAP Mobile Server and SAP Control Center HTTPS Listeners