Creating a Self-Signed Certificate Using OpenSSL

Create your own self-signed certificate using OpenSSL.

To create your own self-signed certificate you need to install OpenSSL. OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). You can download OpenSSL at:

http://www.openssl.org/

  1. From a machine where OpenSSL is installed, open a command prompt and enter the following command:

    openssl req -x509 -days 365 -newkey rsa:<bits> -keyout server-key.pem -out server-cert.pem

    where <bits> is how many bits long you want the private key to be, for example 2048 or 4096.

    The self-signed certificate, server-cert.pem, is created.

  2. Convert the certificate to a PFX file. In the command prompt enter:

    openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out <NewAgentryServer>.pfx

    where <NewAgentryServer> can be any unique name for the new PFX file.

    An example of a unique PFX file name is NewAgentryServer.pfx.

  3. Copy the PFX file into the directory where the Agentry Server instance for the mobile application is located, i.e. C:\SAP\MobilePlatform\Servers\UnwiredServer\<AppName>.
  4. From the SAP Control Center expand the Applications node and select the Agentry application. Then perform the following steps:
    1. Click the Configurations tab in the Administration pane and select the check box for ANGEL Front End.
    2. Change authenticationCertificateStore to the name of the new PFX file. Double-click the Value to enter a new name.
    3. Change the authenticationCertificateStorePassword to the password you set in the file. The password is the "PEM pass phrase" that you entered when prompted by OpenSSL in step one.
    4. Click [Apply] to commit the changes to the Agentry Server.
    5. Click [OK] to close the window.
    Note: Any changes made in this step also need to be applied to the "Server Administration", "Web Server Front End", and "Cluster ANGEL" sections if they exist. These sections can use different certificates if desired; there is no requirement that they all use the same PFX file.
  5. Create a copy of the file server-cert.pem and rename it <CertName>.cer.
    This file is now the CA certificate for the server (since in a self-signed certificate scenario, the server certificate and CA certificate are the same).
  6. Install the certificate onto the Agentry client device:
    • Windows and Windows CE
      1. Copy the file to the device.
      2. Double-click the file to display it, then click Install Certificate.
      3. Click Next.
      4. Select Place all certificates in the following store.
      5. Click Browse, select Trusted Root Certificate Authorities, click OK.
      6. Click Next, then Finish.
    • Android – copy the file to the device, open it, and allow it to be imported into the system's trusted certificate store.
    • iOS – create a device configuration profile that contains the certificate using Apple's iPhone Configuration Utility.
  7. Restart the Agentry Server and the Agentry Client.
  8. Log in to the Agentry Server using the Agentry Client.
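
Steps 1, 2 and 5 can be scripted and checked before the PFX file is copied to the server. The following is an added example, not part of the original procedure or SAP's code: it runs the same openssl commands non-interactively from a POSIX shell, then confirms that the certificate is self-signed, that the .cer copy validates it, and that the PFX opens with the pass phrase and holds the same certificate. The CN value and the AGENTRY_PASS environment variable name are assumptions.

```shell
#!/bin/sh
# Added example, not SAP's code. File names follow the page; the CN value and
# the AGENTRY_PASS variable name are assumptions made for this sketch.
# Usage: AGENTRY_PASS='<pass phrase>' sh make_pfx.sh <dir> <bits> <PfxName>

make_pfx() (    # subshell body, so cd, umask and variables stay local
    dir=$1 bits=$2 name=$3
    [ -n "$AGENTRY_PASS" ] || { echo "set AGENTRY_PASS first" >&2; exit 1; }
    umask 077   # private key and PFX readable by the owner only
    cd "$dir" || exit 1

    # Step 1: self-signed certificate and encrypted private key.
    # env: keeps the pass phrase off the command line, unlike pass:.
    openssl req -x509 -days 365 -newkey "rsa:$bits" \
        -keyout server-key.pem -out server-cert.pem \
        -subj "/CN=agentry.example.test" -passout env:AGENTRY_PASS || exit 1

    # Step 2: PFX export. The export password reuses the PEM pass phrase here.
    # pkcs12 refuses to export when the key does not match the certificate.
    openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem \
        -passin env:AGENTRY_PASS -passout env:AGENTRY_PASS \
        -out "$name.pfx" || exit 1

    # Step 5: the self-signed certificate doubles as the CA certificate.
    cp server-cert.pem "$name.cer" || exit 1
    check_pfx "$name"
)

check_pfx() {   # call from the directory that holds the files
    strip='s/^[a-z]*= *//'
    subject=$(openssl x509 -in server-cert.pem -noout -subject | sed "$strip")
    issuer=$(openssl x509 -in server-cert.pem -noout -issuer | sed "$strip")
    [ "$subject" = "$issuer" ] || return 1          # self-signed
    # The .cer given to clients must validate the server certificate.
    openssl verify -CAfile "$1.cer" server-cert.pem >/dev/null 2>&1 || return 1
    # The PFX must open with the pass phrase and hold the same certificate.
    want=$(openssl x509 -in server-cert.pem -noout -fingerprint -sha256)
    got=$(openssl pkcs12 -in "$1.pfx" -passin env:AGENTRY_PASS -nokeys \
              2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$got" ] && [ "$want" = "$got" ]
}

if [ "$#" -eq 3 ]; then make_pfx "$@"; fi
```

A non-zero exit status means one of the checks failed and the PFX file should not be deployed.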