Preparing Certificates

The client, reverse proxy, and SAP Mobile Server each use their own certificate; you can create or sign these certificates from one root certificate.

By default, SAP Mobile Server includes two default self-signed certificates in:

SMP_HOME\repository\Security\keystore.jks.

One certificate (the alias name is "sample2") is used for two-way HTTPS communications over the 8002/2482 ports. You can use sample2 as the root certificate to create and sign all other certificates.

The Windows version of Apache2 does not support an encrypted certificate key file. You can use OpenSSL to decrypt the file: 
openssl rsa -in encrypted.key -out decrypted.key

The SSLCertificateKeyFile and the private key in SSLProxyMachineCertificateFile must be unencrypted.

The SSLProxyMachineCertificateFile must be a public key merged with an unencrypted private key.

Parent topic: Authenticating at the Network Edge with a Reverse Proxy