Hi,
We have been trying to set up SSL in our landscape for quite some time already without any success. Using the guide "How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x", we tried scenario 2 (one way HTTPS).
Here's what we did in SMP
1) Signed smp_crt with our internal PKI system
- CN used is internal FQDN (smp.company.local)
- updated local_smp_keystore.jks
2) Uploaded internal root and intermediate CA (used to sign smp_crt) in smp_keystore.jks
3) Uploaded Netscaler certificate in smp_keystore.jks
- CN used is external FQDN (smp.company.com)
4) Uploaded Verisign (root) and Symantec (intermediate) CA certificate (used to sign Netscaler certificate) in smp_keystore.jks
5) Changed one way SSL port to 8443
Here's what we did in Netscaler
1) Set up SSL offload
2) Uploaded signed SMP certificate in Netscaler trust store
- CN used is internal FQDN (smp.company.local)
3) Uploaded internal root and intermediate CA in Netscaler trust store
4) Changed the backend server settings
- backend FQDN = smp.company.local
- backend protocol = HTTPS
- backend port = 8443
Are the steps correct? Did we miss anything?
With this setup, we can't access SMP from the internet. We tested this using a browser by calling https://smp.company.com. We don't even get any entries in the SMP access logs. But if we don't use SSL (HTTP and 8080), we are able to access SMP from outside.
I also saw this just recently in the SMP Administration Overview:
"A reverse proxy that is used with SAP Mobile Platform must be a straight passthrough proxy server"
What should be the setup in Netscaler? SSL offload or SSL bridge?
Appreciate any feedback as we have spent a lot of time trying to make it work.
Thanks!
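
The two conditions a verifying TLS client applies to the backend leg described in the steps above (chain to a trusted CA, name match for the FQDN it connects to) can be checked offline with the `openssl` CLI. This is an added example, not part of the original post: the throwaway root CA is constructed and stands in for the internal root and intermediate, only the two FQDNs come from the post, and `make_pki`, `check_backend_cert` and `report` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example. Constructed throwaway PKI; only the FQDNs come from the post.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# make_pki DIR: build a constructed root CA and a server cert for smp.company.local
make_pki() {
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Internal Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=smp.company.local" -keyout "$1/smp.key" -out "$1/smp.csr" 2>/dev/null
  openssl x509 -req -in "$1/smp.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/smp.pem" 2>/dev/null
}

# check_backend_cert CA_BUNDLE SERVER_CERT EXPECTED_HOST
# Exit 0 only if the cert chains to the bundle AND matches the expected host name.
check_backend_cert() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

report() {  # print PASS/FAIL for one check without aborting the script
  if check_backend_cert "$1" "$2" "$3"; then echo "PASS $3"; else echo "FAIL $3"; fi
}

make_pki "$work/internal"    # stands in for the internal PKI
make_pki "$work/other"       # an unrelated CA, to show a trust failure
report "$work/internal/root.pem" "$work/internal/smp.pem" smp.company.local
report "$work/internal/root.pem" "$work/internal/smp.pem" smp.company.com
report "$work/other/root.pem"    "$work/internal/smp.pem" smp.company.local
```

With real files, pass `check_backend_cert` the exported internal root and intermediate concatenated into one PEM bundle, the signed SMP certificate, and the backend FQDN configured on the proxy.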