Configuring a Mutually Authenticated SSL Security Configuration

Add and configure a new SSL security profile from Sybase Control Center to use for mutually authenticated connections.

Prerequisites
Your SAP system must be configured for HTTPS mutual authentication.
Task
This procedure is not part of single sign-on (SSO) configuration, instead, it provides an example of how to mutually authenticate DOE and DOE-C connections with an X.509 certificate over HTTPS.
  1. From Sybase Control Center, expand Servers. Expand the host being configured. Select Server Configuration. Select the General tab, then the SSL Configuration option.
  2. Select <ADD NEW SECURITY PROFILE> and name it, for example doectech. Select DOECTECH as the Certificate alias, and select strong_mutual for Authentication.
    This example assumes you have imported the certificate, in this case DOECTECH, into the Unwired Server key store location.
  3. Click Save, and restart Unwired Server services.
  4. Modify the endpoint security profile. For example, a DOE-C endpoint in a domain named E2EDomain with a SAP connection pool named sap_crm:1.0:
    1. Expand Domains > E2EDomain, and select Connections. Select the sap_crm:1.0 connection pool.
    2. Click Properties, and change the Endpoint Security Profile to doectech.
    3. Stop Unwired Server services.
    4. Edit the package properties file, and add a new key for endpoint-security-profile. Set this to the name of the configured SSL security profile configured in step two. For example: 
      endpoint-security-profile=doectech

      If defining a security profile to implement mutual authentication with SSO2 or basic authorization, add the optional endpoint property, techuser-certificate-alias, which, when set, overrides the technical user name and password fields. The specified certificate will be extracted from the Unwired Server keystore and supplied to the DOE.