The client, reverse proxy, and SAP Mobile Server each use their own certificate; you can create or sign these certificates from one root certificate.
By default, SAP Mobile Server includes two default self-signed certificates in:
SMP_HOME\repository\Security\keystore.jks.
One certificate (the alias name is "sample2") is used for two-way HTTPS communications over the 8002/2482 ports. You can use sample2 as the root certificate to create and sign all other certificates.
openssl rsa -in encrypted.key -out decrypted.key
The SSLCertificateKeyFile and the private key in SSLProxyMachineCertificateFile must be unencrypted.
The SSLProxyMachineCertificateFile must be a public key merged with an unencrypted private key.