Creating an SSL Security Profile in SAP Control Center

Security profiles define the security characteristics of a client/server session. Assign a security profile to a listener, which is configured as a port that accepts client connection requests of various protocols. SAP Mobile Server uses multiple listeners. Clients that support the same characteristics can communicate to SAP Mobile Server via the same port defined in the listener.

Note: A security profile can be used by one or more servers in a cluster, but cannot used by multiple clusters.
  1. In the left navigation pane, select Configuration
  2. In the right administration pane, select the General tab.
  3. From the menu bar, select SSL Configuration.
  4. In the Configure security profile table:
    1. Enter a name for the security profile.
    2. Enter a certificate alias. This is the alias of a key entry in the keystore. Make sure the key password of this key entry is the same as the keystore password.
    3. Select an authentication level:
      If the security profile authenticates only the server, then only the server must provide a certificate to be accepted or rejected by the client. If the security profile authenticates both the client and the server, then the client is also required to authenticate using a certificate; both the client and server will provide a digital certificate to be accepted or rejected by the other.
      Authentication Type Authenticates Cipher suite(s)
      intl server
      • SA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      intl_mutual client/server
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      strong server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      strong_mutual client/server

      For example, this is the required option for mutual authentication of SAP Mobile Platform and Gateway.

      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      domestic server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • TLS_RSA_WITH_NULL_MD5
      • TLS_RSA_WITH_NULL_SHA
      domestic_mutual client/server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • RSA_WITH_NULL_MD5
      • RSA_WITH_NULL_SHA
  5. Click Save.
  6. From the Components menu, assign the security profile to the desired management or communication ports.