The client, reverse proxy, and SAP Mobile Platform Server each use their own certificate; you can create or sign these certificates from one root certificate.
By default, SAP Mobile Platform Server includes one default self-signed certificate in:
SMP_HOME\Server\configuration\smp_keystore.jks.
The certificate (the alias name is "smp_crt") is used for HTTPS communications.
openssl rsa -in encrypted.key -out decrypted.key
The SSLCertificateKeyFile and the private key in SSLProxyMachineCertificateFile must be unencrypted.
The SSLProxyMachineCertificateFile must be a public key merged with an unencrypted private key.