I've used this material
Prerequisites
1. You need to have B1i installed
2. You need the current .keystore password located at: C:\Program Files (x86)\SAP\SAP Business One
Integration\IntegrationServer\Tomcat\conf\server.xml
3. Search the XML document for the keystorePass attribute. Default that I have observed has been
sapB1iP
4. You need a domain name associated with your raw IP address. IE, mobile.lhimports.com as an
example. This must resolve to their static IP address with an A record in the subdomains DNS.
Initialize OpenSSL
1. Go to: http://slproweb.com/products/Win32OpenSSL.html
2. Download and install Visual C++ 2008 Redistributables (x64)
3. Download and install Win64 OpenSSL v1.0.1L Light
4. Install everything with default settings
5. Start Run and run “cmd /admin” or manually run Command Prompt as Administrator. This is
critical because it will give you various failed RND errors especially on Server 2012
6. Navigate to C:\OpenSSL-Win64\bin
7. Enter: set OPENSSL_CONF=c:\openssl-win64\bin\openssl.cfg
(NOTE: View these screenshots to see what a successful command completion looks like, some of the
commands do not produce a positive confirmation, they simply advance to the next line. After a series of
commands, these screenshots will show you what the result should be.)
Create Root Server Certificate
(Keep in mind you can copy and paste these into the command prompt, but you have to click the icon in the
upper left, Edit >> Paste. CTRL + V will NOT work!)
Anything highlighted in YELLOW needs to be modified, everything else you can leave the same.
1. Enter: openssl genrsa -out ServerKey.key 1024
SAP Business One Application: SAP Business One B1i SSL Integration Installation (Details)
2. Enter: openssl req -new -x509 -key ServerKey.key -out myCA.cer -days 3650 -subj /
CN="custom_CA_name"
3. custom_CA_name can be whatever you want and shows up later when installing on the mobile devices
as the profile name.
Create Self-Signed Certificate for Domain
1. Enter: openssl genrsa -out ClientKey.key 1024
2. Enter: openssl req -new -key ClientKey.key -out CertReq.csr -subj /CN="server_domain_name"
3. server_domain_name must be your subdomain which was created in Prerequisites step #4. Something
like mobile.yourcompanywebsite.com. You will eventually feed this back to your mobile app using the
server mobile.yourcompanywebsite.com:8443 (or whatever your SSL port is). This can simply be your
IP address (209.253.12.153 for example, NO PORT IS REQUIRED for this step just the IP address) as
well and does not need to have the HTTP:// or HTTPS:// in front of it. (*Special thanks to Heath Gardner
for testing the IP address theory and verifying that it works.)
4. Enter: openssl x509 -req -days 3650 -in CertReq.csr -CA myCA.cer -CAkey ServerKey.key -
CAcreateserial -out ClientCert.crt
Deploy the Certificate
1. Enter: openssl pkcs12 -export -inkey ClientKey.key -in ClientCert.crt -out keystore.pkcs12
2. You will be prompted to enter a password, which will be the password from Prerequisites step #2-3
(should be sapB1iP). You will enter the password, but you will not see anything in the command
SAP Business One Application: SAP Business One B1i SSL Integration Installation (Details)
prompt, this is NORMAL. You will have to confirm and you will also see nothing when typing the
confirmation password, this again is normal.
3. Manually copy (using regular File Explorer) the file C:\OpenSSL-Win64\bin\keystore.keystore.pkcs12
to C:/Program Files (x86)/SAP/SAP Business One Integration/IntegrationServer/Tomcat/webapps/
B1iXcellerator/
4. In command prompt, change directory to C:\Program Files (x86)\SAP\SAP Business One Integration
\IntegrationServer\Tomcat
5. NOTE: the next step might vary depending on your Windows Server version. I have observed different
behaviours.
6. Enter: keytool
7. Push Enter
8. If the file is found and you see the help then follow the next steps, if the file is NOT found
then go to “Deploy the Certificate (Option #2). If the file is found, then continue with the
next steps.
9. NOTE: See screenshot after step 16 for successful confirmation prompts.
10.Enter: keytool -delete -alias tomcat -keystore ./webapps/B1iXcellerator/.keystore -storepass sapB1iP
11.Use your password from Prerequisites step #2. Likely to be sapB1iP.
12.Enter: keytool -importkeystore -srckeystore ./webapps/B1iXcellerator/keystore.pkcs12 -srcstoretype
PKCS12 -destkeystore ./webapps/B1iXcellerator/.keystore -deststoretype JKS -deststorepass sapB1iP -
srcstorepass sapB1iP
13.Use your password from Prerequisites step #2. Likely to be sapB1iP.
14.Enter: keytool -changealias -alias 1 -destalias tomcat -keystore ./webapps/B1iXcellerator/.keystore -
storepass sapB1iP
15.Use your password from Prerequisites step #2. Likely to be sapB1iP.
16.All steps should be successful at this point:
Deploy the Certificate (Option #2)
1. If you do not find keytool installed in the environmental variables we have to manually run the program
from the exe directory and declare our keystore files with their whole drive paths as follows.
2. In command prompt, change directory to C:\Program Files (x86)\SAP\SAP Business One Integration
\sapjre_7_64\jre\bin
SAP Business One Application: SAP Business One B1i SSL Integration Installation (Details)
3. This directory is where the keytool exists so we need to run the following from here. To confirm you
have the right directory, in the command prompt enter: keytool and push enter and you should see a
help prompt. This means you have the correct directory.
4. NOTE: See screenshot after step 10 for successful confirmation prompts.
5. Enter: keytool -delete -alias tomcat -keystore "C:/Program Files (x86)/SAP/SAP Business One
Integration/IntegrationServer/Tomcat/webapps/B1iXcellerator/.keystore" -storepass sapB1iP
6. Use your password from Prerequisites step #2. Likely to be sapB1iP.
7. Enter: keytool -importkeystore -srckeystore "C:/Program Files (x86)/SAP/SAP Business One
Integration/IntegrationServer/Tomcat/webapps/B1iXcellerator/keystore.pkcs12" -srcstoretype PKCS12
-destkeystore "C:/Program Files (x86)/SAP/SAP Business One Integration/IntegrationServer/Tomcat/
webapps/B1iXcellerator/.keystore" -deststoretype JKS -deststorepass sapB1iP -srcstorepass sapB1iP
8. Use your password from Prerequisites step #2. Likely to be sapB1iP.
9. Enter: keytool -changealias -alias 1 -destalias tomcat -keystore "C:/Program Files (x86)/SAP/SAP
Business One Integration/IntegrationServer/Tomcat/webapps/B1iXcellerator/.keystore" -storepass
sapB1iP
10.Use your password from Prerequisites step #2. Likely to be sapB1iP.
Restart B1i Server
1. Find the “Run” prompt
2. Enter “services.msc”
3. Shut down SAP Business One Integration Service, SAP Business One EventSender Service, SAP
Business One DI Proxy Service, SAP Business One DI Proxy Service Monitor. Shut them down in that
order.
4. Start them up in the same order you shut them down.
Installing on Your Devices
Procedure for iOS devices
1. Email C:\OpenSSL-Win64\Bin\myCA.cer file to the iOS device
2. NOTE: The certificate file will most likely not be visible in your mail client (Outlook, etc.), you
have to send it unzipped to the mobile devices where it will be visible to install.
3. Click the email attachment to install the CA into the system
Procedure for Android devices
1. Copy the C:\OpenSSL-Win64\Bin\myCA.cer file via a microSD card onto the Android device
2. Install the file via Settings -> Security -> Credential Storage and selecting “Install from
storage” and follow the prompts
Hope this helps.