Changing Installed Certificates Used for HTTPS Listeners

SAP Mobile Platform Server includes a default self-signed certificate. You must change this default certificate with a production-ready certificate after you install SAP Mobile Platform. For shared certificates, SAP recommends that you maintain the existing certificate alias when importing the new certificates. Then, when you replace the default certificate with the new production certificate, you are updating change the certificate for all listeners simultaneously.

SAP Mobile Platform Server and Management Cockpit share the same keystore (that is, SMP_HOME\Server\configuration\smp_keystore.jks).

  1. Generate new production-ready certificates:
    Use your PKI system to generate SAP Mobile Platform Server certificates and key pairs, and have them signed with the Certificate Authority (CA) certificate used in your organization. Ensure that you:
    • Use the existing alias (smp_crt).
    • Set the CN of the certificate to *.MyDomain.
    SAP Mobile Platform is compliant with certificates and key pairs generated from most well-known PKI systems.
  2. Import the production-ready certificates and keys using the keytool.
    See information on the keytool utility.
Parent topic: Managing Keystore and Truststore Certificates
Related concepts
Certificate Alias
Related reference
Keytool Utility
Keystore/Truststore Properties