Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SMP SSL setup with Netscaler (RP/LB)


We have been trying to setup SSL in our landscape for quite sometime already without any success. Using the guide How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x, we tried scenario 2 (one way HTTPS).

Here's what we did in SMP

1) Signed smp_crt with our internal PKI system

- CN used is internal FQDN (

- updated local_smp_keystore.jks

2) Uploaded internal root and intermediate CA (used to sign smp_crt) in smp_keystore.jks

3) Uploaded Netscaler certificate in smp_keystore.jks

- CN used is external FQDN (

4) Uploaded Verisign (root) and Symantec (intermediate) CA certificate (used to sign Netscaler certificate) in smp_keystore.jks

5) Changed one way SSL port to 8443

Here's what we did in Netscaler

1) Setup SSL offload

2) Uploaded signed SMP certificate in Netscaler trust store

- CN used is internal FQDN (

3) Uploaded internal root and intermediate CA in Netscaler trust store

4) Changed the backend server settings

backend FQDN =

backend protocol = HTTPS

backend port = 8443

Are the steps correct? Did we miss anything?

With this setup, we can't access SMP from the internet. We tested this using a browser by calling We don't even get any entries in the SMP access logs. But if we don't use SSL (HTTP and 8080), we are able to access SMP from outside.

I also saw this just recently in the SMP Administration Overview:

"A reverse proxy that is used with SAP Mobile Platform must be a straight passthrough proxy server"

What should be the setup in Netscaler? SSL offload or SSL bridge?

Appreciate any feedback as we have spent a lot of time trying to make it work.


Former Member
Not what you were looking for? View more on this topic or Ask a question