Create security profiles and associate them with X.509 server
certificates that can be used to establish secure connections between SAP Mobile Server and the SAP EIS.
Prerequisites
- Your SAP EIS system must be configured for HTTPS mutual
authentication
- Import the third-party's private-key certificate used by SAP Mobile Server to mutually authenticate the client into
the SAP Mobile Server keystore:
- SMPServer certificate –
represents the certificate used to secure an HTTPS connection between SAP Mobile Server and SAP Server or other enterprise
information system (EIS), where data and information flow from SAP Mobile Server to the EIS, which could be a DOE-C,
Web Service, or Proxy connection. The same certificate is also used in mutual
authentication between the client and
SAP Mobile Platform.
- SAPServer certificate –
represents the certificate used to secure the communication path between the
SAP server or EIS and SAP Mobile Server, where
data and information flow from the EIS to SAP Mobile Server on an HTTPS port (8001, 8002, and so on), which are
made available to the EIS for pushing data to SAP Mobile Server. For SAP servers, this could be NetWeaver/DOE
(TechnicalUser), or the SAP Gateway.
Task
To secure
connections, create two new security profiles: one for the SAP gateway and one for
SAP Mobile Server.
- In the SAP Control Center navigation pane, click
Configuration.
- From the General tab, click SSL Configuration.
- Select <ADD NEW SECURITY PROFILE> and create a security profile for SAP servers:
- Security profile name – for example, TechnicalUser
for NetWeaver/DOE connections or Proxy for SAP Gateway connections.
- Certificate alias – the case-sensitive certificate alias you defined when you
imported the certificate into the keystore. For example, doetech, proxy (or whatever value you set the alias to when importing
the certificate).
- Authentication – strong_mutual
- Select <ADD NEW SECURITY
PROFILE> and create an SAP Mobile Server security
profile:
- Security profile name –
for
example, SUPServer.
- Certificate alias – SUP (or whatever
value you set the alias to when importing the certificate).
- Authentication
– strong_mutual.
- Restart SAP Mobile Server.