By default all other
SAP Mobile Platform listeners are encrypted using SSL. However, if
you need to modify this configuration, review these steps.
Changing Installed Certificates Used for Encryption
SAP Mobile Server includes default certificates for all listeners. Since all installations use the same certificates by default, you must change these certificates with production-ready ones after you install SAP Mobile Platform.
Changing Keystore and Truststore Passwords
The SAP Mobile Platform (used by both SAP Mobile Server and SAP Control Center to manage certificates and keys) keystore and truststore locations are protected by a password. In production environments, replacing default passwords is encouraged.
Defining Certificates for SSL Encryption
Specify keystore and truststore certificates to be used for SSL encryption of SAP Mobile Server communication ports. All security profiles use the same keystore and truststore.
Creating an SSL Security Profile in SAP Control Center
Security profiles define the security characteristics of a client/server session. Assign a security profile to a listener, which is configured as a port that accepts client connection requests of various protocols. SAP Mobile Server uses multiple listeners. Clients that support the same characteristics can communicate to SAP Mobile Server via the same port defined in the listener.
Enabling OCSP
(Optional) Enable OCSP (Online Certificate Status Protocol) to determine the status of a certificate used to authenticate a subject: current, expired, or unknown. OCSP configuration is enabled as part of cluster level SSL configuration. OCSP checking must be enabled if you are using the CertificateAuthenticationLoginModule and have set Enable revocation checking to true.