2298985 - SAP Business One Sales or SAP Business One Service Mobile App Requires a Valid SSL Certificate in SAP HANA environment
To ensure that the highest security standard is provided with your company and business data, SAP has introduced the exclusive use of valid SSL certificates. Securing your SAP Business One mobile application with a valid SSL certificate is crucial. It is quite simple to enable. In some situations, it is required that you buy a trusted certificate. But in most cases, you can generate and use a self-signed certificate for free. However, be aware that SAP cannot cover all possible security aspects due to customer-specific requirements and conditions. The mobile apps need to be integrated into each customer’s specific security concept and some manual input can be necessary.
In this SAP Note, SAP presents examples of how to obtain and install valid certificates. For more information, technical background, or questions, please consult your partner or other information sources that are available about this standard security technology.
Reproducing the issue
After you configure the solution and install the certificate for your mobile device, you receive the following error message when logging on to the app:
The certificate for this server is invalid.
You might be connecting to a server that is pretending to be "[server name/IP]" which could put your confidential information at risk.
- The certificate is not installed successfully on the mobile device.
SAP Business One automatically generates a self-signed certificate based on the server host name during installation. After installing this certificate in your mobile device, you must use the host name to connect SAP Business One Sales or SAP Business One Service to the mobile service. If you cannot use a host name in the external network, follow the steps in the Solution section below to generate a new certificate based on a server domain name or IP address, and then install the new certificate on your mobile device.
- To avoid man-in-the-middle attacks, the security standard is improved as of SAP Business One Sales for Android, version 1.0.9. For both SAP Business One Sales and SAP Business One Service, we recommend that you use the domain name to generate a certificate and to connect from your mobile device. If you use the IP address, please follow solution B to re-generate a certificate.
- You are using iOS / iPadOS version 10.3 or later and have already configured an SSL certificate. As of iOS / iPadOS version 10.3, user-installed certificates are no longer trusted by default. You can set the certificate as trusted on the device from Settings → General → About → Certificate Trust Settings. Enable the required certificate and try connecting again.
This section explains how to obtain a valid certificate. >>> login S user for the Note