Securing Synchronization

Messaging data is automatically strongly encrypted over HTTP and HTTPS, using a private messaging payload protocol that is completely secure, once established. The message body is a JSON document. Therefore, only replication payloads require administrative intervention.

If your application uses the replication payload protocol, you must secure the replication payload.
Note: When using OData, messaging data must be encrypted using HTTPS to the Network Edge. Administrators must then protect data until it reaches SAP Mobile Platform. For more information, see SAP Mobile Server and Device Application Communications and Developer Guide: OData SDK > OData SDK Components - General Description.
  1. Changing Installed Certificates Used for Encryption
    SAP Mobile Server includes default certificates for all listeners. Since all installations use the same certificates by default, you must change these certificates with production-ready ones after you install SAP Mobile Platform.
  2. Modifying Default Synchronization Listener Properties with Production Values
    Once you have determined the degree of secure communication you require, you may need to modify default synchronization listener property values to disable one or more ports or synchronization protocols.
  3. Provisioning Security Artifacts
    Typically, you must provision SAP Mobile Platform security artifacts before applications can be used. The manner by which an artifact is provisioned depends on the artifacts themselves, the device types used, and your deployment environment.
  4. Establishing Encrypted Application Connections
    Synchronization and messaging connection are encrypted by default. However, for replication connections that use E2EE, the client must be configured correctly to establish connections to the correct HTTP or HTTPS port.
Parent topic: Securing Data in Motion Quick Start