Creating Security Profiles to Enable Mutual Authentication for SAP

Create security profiles and associate them with X.509 server certificates that can be used to establish secure connections between a client, Unwired Server, and the SAP EIS.

Prerequisites

Your SAP system must be configured for HTTPS mutual authentication
Import the third party's private-key certificate used by Unwired Server to mutually authenticate the client into the Unwired Server keystore:
- SUPServer certificate – represents the certificate used to secure an HTTPS connection between Unwired Server and SAP Server or other enterprise information system (EIS), where data and information flow from Unwired Server to the EIS, which could be a DOE-C, Web Service, or Proxy connection.
- SAPServer certificate – represents the certificate used to secure the communication path between the SAP Server or EIS and Unwired Server, where data and information flow from the EIS to Unwired Server on an HTTPS port (8001, 8002, and so on), which are made available to the EIS for pushing data to Unwired Server. For SAP Servers, this could be NetWeaver/DOE (TechnicalUser), or the SAP Gateway.

Task

Create a SAPServer security profile :
1. From Sybase Control Center, expand Servers > <UnwiredServerName>, and select Server Configuration.
2. Select General > SSL Configuration.
3. Select <ADD NEW SECURITY PROFILE>.
4. Enter these values:
  - Security profile name – for example, TechnicalUserfor NetWeaver/DOE connections or Proxy for SAP Gateway connections.
  - Certificate Alias – the case sensitive certificate alias you defined when you imported the certificate into the keystore. For example, doetech, proxy(or whatever value you set the alias to using the keytool -alias option)
  - Authentication: strong_mutual
5. If you imported the user and CA certificates into keystore or truststore locations other than the default, make sure the paths and passwords reflect them.
6. Select Save.
Create a SUPServer security profile:
1. From Sybase Control Center, expand Servers > <UnwiredServerName>, and select Server Configuration.
2. Select General > SSL Configuration.
3. Select <ADD NEW SECURITY PROFILE>.
4. Enter these values:
  - Security profile name: SUPServer
  - Certificate Alias: SUP (or whatever value you set the alias to using the keytool -alias option)
  - Authentication: strong_mutual
5. If you imported the user and CA certificates into keystore or truststore locations other than the default, make sure the paths and passwords reflect them.
6. Select Save.
Restart Unwired Server.