Enabling a Direct HTTPS Connection to SAP Mobile Platform Server

SAP Mobile Platform includes two HTTPS listeners that clients can use to directly communicate with the SAP Mobile Platform Server HTTPS port. There is a one-way HTTPS listener where the server certificate goes to the client, and there is a two-way HTTPS listener where the client must also send its certificate to the server for mutual authentication.

Both listeners use the server certificate identified by the "smp_crt" alias in the keystore. The SAP Mobile Platform installation process creates this self-signed certificate. Most clients or servers do not trust a self-signed certificate, so SAP recommends that customers use a trusted CA to sign a replacement certificate for the server. The signed certificate should be imported to the keystore using the same "smp_crt" alias.

The summary steps for enabling a direct HTTPS connect to SAP Mobile Platform Server includes:

  1. Obtain a valid signed server certificate for your SAP Mobile Platform Server.
  2. Import the certificate into the keystore using the "smp_crt" alias. Import the CA signing certificate used to sign client certificates into the smp_keystore.jks as a trusted CA certificate so that SAP Mobile Platform is able to validate client certificates later.
  3. Add the X.509 User Certificate provider to your security profile assigned to your application.
  4. Restart the server to pick up the new certificate.
Parent topic: Application Security
Related concepts
Managing Keystore and Truststore Certificates
Related reference
Keystore/Truststore Properties
Keytool Utility