Create security profiles and associate them with X.509 server
certificates that can be used to establish secure connections between a client,
SAP Mobile Server, and the SAP EIS.
Prerequisites
- Your SAP system must be configured for HTTPS mutual authentication
- Import the third party's private-key certificate used by
SAP Mobile Server to mutually authenticate the client into the
SAP Mobile Server keystore:
- SUPServer certificate –
represents the certificate used to secure an HTTPS connection between
SAP Mobile Server and SAP Server or other enterprise
information system (EIS), where data and information flow from
SAP Mobile Server to the EIS, which could be a DOE-C, Web
Service, or Proxy connection.
- SAPServer certificate –
represents the certificate used to secure the communication path between the
SAP Server or EIS and SAP Mobile Server, where data and
information flow from the EIS to SAP Mobile Server on an HTTPS
port (8001, 8002, and so on), which are made available to the EIS for pushing
data to SAP Mobile Server. For SAP Servers, this could be
NetWeaver/DOE (TechnicalUser), or the SAP Gateway.
Task
To secure connections, create two new security profiles: one for the SAP gateway
and one for SAP Mobile Server. If you imported the user and CA
certificates into keystore or truststore locations other than the default, make sure the
paths and passwords reflect them.
- In the SAP Control Center navigation pane, click
Configuration.
- From the General tab, click SSL Configuration.
- Select <ADD NEW SECURITY PROFILE> and create a security profile for SAP servers:
- Security profile name – for example, TechnicalUser
for NetWeaver/DOE connections or Proxy for SAP Gateway connections.
- Certificate alias – the case sensitive certificate alias you defined when you imported the certificate into the keystore. For example, doetech, proxy (or whatever value you set the alias to using the keytool -alias option).
- Authentication – strong_mutual
- Select <ADD NEW SECURITY
PROFILE> and create an SAP Mobile Server security
profile:
- Security profile name –
for
example, SUPServer.
- Certificate
alias
– SUP (or whatever value you set the
alias to using the keytool -alias
option).
- Authentication
– strong_mutual.
- Restart SAP Mobile Server.