Creating Security Profiles to Enable Mutual Authentication for SAP

Create security profiles and associate them with X.509 server certificates that can be used to establish secure connections between a client, Unwired Server, and the SAP EIS.

Prerequisites

Your SAP system must be configured for HTTPS mutual authentication
Import the third party's private-key certificate used by Unwired Server to mutually authenticate the client into the Unwired Server keystore:
- SUPServer certificate – represents the certificate used to secure an HTTPS connection between Unwired Server and SAP Server or other enterprise information system (EIS), where data and information flow from Unwired Server to the EIS, which could be a DOE-C, Web Service, or Proxy connection.
- SAPServer certificate – represents the certificate used to secure the communication path between the SAP Server or EIS and Unwired Server, where data and information flow from the EIS to Unwired Server on an HTTPS port (8001, 8002, and so on), which are made available to the EIS for pushing data to Unwired Server. For SAP Servers, this could be NetWeaver/DOE (TechnicalUser), or the SAP Gateway.

Task

To secure connections, create two new security profiles: one for the SAP gateway and one for Unwired Server. If you imported the user and CA certificates into keystore or truststore locations other than the default, make sure the paths and passwords reflect them.

In the Sybase Control Center navigation pane, click Configuration.
From the General tab, click SSL Configuration.
Select <ADD NEW SECURITY PROFILE> and create a security profile for SAP servers:
- Security profile name – for example, TechnicalUser for NetWeaver/DOE connections or Proxy for SAP Gateway connections.
- Certificate alias – the case sensitive certificate alias you defined when you imported the certificate into the keystore. For example, doetech, proxy (or whatever value you set the alias to using the keytool -alias option).
- Authentication – strong_mutual
Select <ADD NEW SECURITY PROFILE> and create an Unwired Server security profile:
- Security profile name – for example, SUPServer.
- Certificate alias – SUP (or whatever value you set the alias to using the keytool -alias option).
- Authentication – strong_mutual.
Restart Unwired Server.