SMP 3.0.8.3 SSL setup with Netscaler (RP/LB)

Hi,

We have been trying to set up SSL in our landscape for quite some time already without any success. Using the guide How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x, we tried scenario 2 (one way HTTPS).

Here's what we did in SMP

1) Signed smp_crt with our internal PKI system

- CN used is internal FQDN (smp.company.local)

- updated local_smp_keystore.jks

2) Uploaded internal root and intermediate CA (used to sign smp_crt) in smp_keystore.jks

3) Uploaded Netscaler certificate in smp_keystore.jks

- CN used is external FQDN (smp.company.com)

4) Uploaded Verisign (root) and Symantec (intermediate) CA certificate (used to sign Netscaler certificate) in smp_keystore.jks

5) Changed one way SSL port to 8443

Here's what we did in Netscaler

1) Set up SSL offload

2) Uploaded signed SMP certificate in Netscaler trust store

- CN used is internal FQDN (smp.company.local)

3) Uploaded internal root and intermediate CA in Netscaler trust store

4) Changed the backend server settings

- backend FQDN = smp.company.local

- backend protocol = HTTPS

- backend port = 8443

Are the steps correct? Did we miss anything?

With this setup, we can't access SMP from the internet. We tested this using a browser by calling https://smp.company.com. We don't even get any entries in the SMP access logs. But if we don't use SSL (HTTP and 8080), we are able to access SMP from outside.


I also saw this just recently in the SMP Administration Overview:

"A reverse proxy that is used with SAP Mobile Platform must be a straight passthrough proxy server"

What should be the setup in Netscaler? SSL offload or SSL bridge?


Appreciate any feedback as we have spent a lot of time trying to make it work.


Thanks!

Former Member
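
A check for the back-end leg of the setup described in the post (proxy to smp.company.local:8443), as an added example that is not part of the original post: a TLS client that validates the server needs the certificate to chain to a CA in its trust store and to carry the name it connects to. The lab CA, the throwaway keys and the function names `make_lab_pki` and `check_backend_cert` are assumptions made for illustration; only the two FQDNs come from the post.

```shell
#!/usr/bin/env bash
# Added example. Constructed lab PKI with throwaway keys; only the two FQDNs
# (smp.company.local, smp.company.com) come from the post.

# make_lab_pki DIR: create a stand-in internal root CA and an SMP server
# certificate whose CN is the internal FQDN, signed by that CA.
make_lab_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Lab Internal Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=smp.company.local" \
    -keyout "$d/smp.key" -out "$d/smp.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/smp.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/smp.crt" 2>/dev/null
}

# check_backend_cert CERT CAFILE HOST: what a verifying TLS client checks.
# Prints ok | untrusted | name-mismatch and returns 0 | 1 | 2.
check_backend_cert() {
  local cert=$1 ca=$2 host=$3
  # 1) The chain must end at a CA present in the client's trust store.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo untrusted; return 1
  fi
  # 2) The name the client connects to must match the certificate.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" |
       grep -q "does match"; then
    echo name-mismatch; return 2
  fi
  echo ok
}

# Demo: the internal FQDN validates, the external FQDN does not.
lab=$(mktemp -d)
make_lab_pki "$lab"
check_backend_cert "$lab/smp.crt" "$lab/ca.crt" smp.company.local || true
check_backend_cert "$lab/smp.crt" "$lab/ca.crt" smp.company.com  || true
rm -rf "$lab"
```

Against a live back end, the same two checks can be run from a host on the proxy's network with `openssl s_client -connect smp.company.local:8443 -CAfile <internal-ca.pem> -verify_hostname smp.company.local`, where `<internal-ca.pem>` is a placeholder for the internal root and intermediate CA bundle.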