SAP Mobile Server includes default certificates for all
listeners. Since all installations use the same certificates by default, you must change
these certificates with production-ready ones after you install
SAP Mobile Platform.
TLS/SSL/HTTPS all use default certificates that require changing. Use
SAP Control Center to manage certificates for the
encryption of replication, DCN, OData, and DOE listeners. These listeners all use
the key store (keystore.jks), and require mutual certificate
authentication. To change the default certificates:
- Generate new production-ready certificates. Use a PKI system to
ensure that the generated certificates and key pairs are signed by the
certificate authority (CA) certificate that is widely trusted in your
organization. SAP Mobile Platform is compliant with
certificates and key pairs generated from most well-known PKI systems.
- Import production-ready certificates, then update the security
profile to associate these files with the SAP Mobile Server
encrypted port.
- Use SAP Control Center to import the new production
certificates into the primary SAP Mobile Server keystore, if that listener requires it.
- Configure the listener properties.
- (Optional) If you are using a PKI system that includes OCSP and OCSP can be
used by the listener, configure an OCSP responder. See Enabling OCSP.