cancel
Showing results for 
Search instead for 
Did you mean: 

Do we need SSL certificate to install seperately, when have the SMP certificate already installed ?

neha_mahanty
Active Participant
0 Kudos

Hi All,

I have a query related to certificates which needs to be installed in the devices.

I am working with Service Manager 4.1 application and SMP 3.0 platform. We have installed the SMP certificate in the devices .

My question is do we need to generate and install the SSL certificate separately ?

If yes please guide me how to generate a CSR for SSL in smp3.0

I have got this link SyBooks Online

Please guide if this is enough or any additional setting is required.

Thanks a lot in advance.

Thanks and Regards

Neha Mahanty

Accepted Solutions (1)

Accepted Solutions (1)

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Neha,

The Agentry clients need to be able to validate the certificate presented by the SMP 3 server.  This means one of three things:

  1. Install the self-signed certificate created during installation on the devices
  2. Generate a new certificate and make sure the CA is trusted by the clients
  3. Obtain a certificate from a 3rd party like VeriSign whose root certificates are already trusted by the clients so not installation on the client is needed.

Which route you pick will depend on your internal security policies and practices.

Remember for options 2 and 3 you will need to install the new certificate to the SMP 3 keystore.

--Bill

neha_mahanty
Active Participant
0 Kudos

Thanks everyone .

The client needs a separate SSL certificate . hence I followed the document mentioned by Kiran - http://scn.sap.com/docs/DOC-57367

The prerequisites mentioned in the document is SMP 3.0 SP04 . However I have SMP 3.0 SP03

When I am executing the command

keytool.exe -certreq -keyalg RSA -alias smp_crt -file Syclo.csr -keystore D:\SAP\MobilePlatform3\Server\configuration\smp_keystore.jks -storepass empass12

keytool.exe -certreq -keyalg RSA -alias smp_crt -file pvs9097.csr -keystore D:\SAP\MobilePlatform3\Server\configuration\smp_keystore.jks -storepass empass12

I am getting this error

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Can anyone please guide what can be the possible issue and how this can be solved.

Thanks

Neha

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Neha,

What is the scenario you are trying to setup?  The link refers to load balancing and reverse proxies?  Can you attach a diagram of your setup from client to SMP server?

--Bill

Kevin_SAP
Advisor
Advisor
0 Kudos

That error is indicating you are using an incorrect password.  You need to use the keystore password you configured when installing the SMP server.

Answers (2)

Answers (2)

sudhiranjan_lenka
Contributor
0 Kudos

Hi Neha,

I don't think you need a separate SSL certificate to be installed in the device unless your client asks for self signed certificate or any custom certificate.

      P. S. :-    In case of standard(default) certificate smp_crt.cer(can be found in configuration folder of the SMP server) needs to be installed in your      device as a trusted certificate.

Thanks,

Sudhir.

kirankola
Advisor
Advisor
0 Kudos

Hi Neha,

Self-signed certificate is generated during the installation. However, you could generate CSR using keytool. Once you generate the CSR, sign it with your internal CA and then import your root and signed certificate to your keystore.

You could refer to SSL Preparation section (Page 31 onwards, scenario2):

http://scn.sap.com/docs/DOC-57367

Regards,

Kiran