Using SSL Between a Client and SAP Mobile Platform Server

Use SSL to secure HTTPS channel communication between a client (a device) and SAP Mobile Platform Server.

The self-signed certificate smp_crt is created during installation and contains the fully qualified domain name of the system as its CN. By default, the same certificate is configured for all secure connections in SAP Mobile Platform Server. Because this certificate is self-signed, it does not have any CA for validation. Use a PKI system and a trusted CA to generate production-ready certificates and keys that encrypt communication between the client and the server.
Note: Ensure the certificate you use is contained in the server keystore. You can use the keytool utility to import and export certificates to the keystore. Any changes to the keystore require the server to be restarted.
  1. Use Management Cockpit to create an application with an HTTP/HTTPS back end.
  2. Place the CA of the server certificate into the client keystore.
  3. Connect to the server. When you connect to the server using HTTPS, the server sends back its certificate.
    1. For one-way SSL, connect using https://<servername>:8081/.
    2. For mutual SSL, connect using https://<servername>:8082/.
  4. Validate the server certificate from the application. If the server certificate is valid, both will exchange cipher; which is used for encoding further communication.
  5. Upon successful certificate validation, SAP Mobile Platform establishes a client-to-server connection, and further request responses occur using the secure channel until the session expires.
Parent topic: Using SSL to Secure HTTPS Channel Communications in SAP Mobile Platform
Related concepts
Certificate Alias
Managing Keystore and Truststore Certificates
Related reference
Keytool Utility
Keystore/Truststore Properties