Create security profiles and associate them with X.509 server
certificates that can be used to establish secure connections between a client,
Unwired Server, and the SAP EIS.
Prerequisites
- Your SAP system must be configured for HTTPS mutual authentication
- Import the third party's private-key certificate used by
Unwired Server to mutually authenticate the client into the
Unwired Server keystore:
- SUPServer certificate –
represents the certificate used to secure an HTTPS connection between
Unwired Server and SAP Server or other enterprise
information system (EIS), where data and information flow from
Unwired Server to the EIS, which could be a DOE-C, Web
Service, or Proxy connection.
- SAPServer certificate –
represents the certificate used to secure the communication path between the
SAP Server or EIS and Unwired Server, where data and
information flow from the EIS to Unwired Server on an HTTPS
port (8001, 8002, and so on), which are made available to the EIS for pushing
data to Unwired Server. For SAP Servers, this could be
NetWeaver/DOE (TechnicalUser), or the SAP Gateway.
Task
To secure connections, create two new security profiles: one for the SAP gateway
and one for Unwired Server. If you imported the user and CA
certificates into keystore or truststore locations other than the default, make sure the
paths and passwords reflect them.
- In the Sybase Control Center navigation pane, click
Configuration.
- From the General tab, click SSL Configuration.
- Select <ADD NEW SECURITY PROFILE> and create a security profile for SAP servers:
- Security profile name – for example, TechnicalUser
for NetWeaver/DOE connections or Proxy for SAP Gateway connections.
- Certificate alias – the case sensitive certificate alias you defined when you imported the certificate into the keystore. For example, doetech, proxy (or whatever value you set the alias to using the keytool -alias option).
- Authentication – strong_mutual
- Select <ADD NEW SECURITY
PROFILE> and create an Unwired Server security
profile:
- Security profile name –
for
example, SUPServer.
- Certificate
alias
– SUP (or whatever value you set the
alias to using the keytool -alias
option).
- Authentication
– strong_mutual.
- Restart Unwired Server.