The client, Relay Server, RSOE and SAP Mobile Server each use their own certificate; you can create or sign these certificates from one root certificate.
By default, SAP Mobile Server includes two default self-signed certificates in:
SMP_HOME\repository\Security\keystore.jks.
One certificate (the alias name is "sample2") is used for two-way HTTPS communications over the 8002/2482 ports. You can use sample2 as the root certificate to create and sign all other certificates.
You are recommended to generate a keypair with the fully qualified domain name of the SAP Mobile Server. See Configuring SAP Mobile Server SSL Configuration.