Home
SMP Configurations after Installing Innovapptive Products
This section guides you with the required SMP Configurations after installing Innovapptive Mobile Products.
Authenticate users using HTTPs Authentication
Set up HTTPs communication between SMP and Gateway System.
Establish trust between SMP and Gateway
To establish trust between SMP and Gateway servers using HTTPs communication channel, do the following:
Generate Root Certificate for HTTPs Authentication using OpenSSL
SMP default certificates do not work for HTTPs connections. You can use OpenSSL to generate RootCA and corresponding technical certificates for mutual setup or use Internal PKI Server for generating certificates.

Title and Copyright
Copyright and Terms of Use for the Post Install or Post Upgrade Configurations Guide for mAssetTag, mWorkOrder, mInventory, mServiceOrder, mWorkList and all other solutions of Connected Workforce Platform^TM .
Preface
Understand audience, know related documents and products and conventions followed in this document.
Post-Install or Post-Upgrade Configurations for Innovapptive Products
This guide contains instructions for post install or post upgrade configurations for both SCP and SMP environments. Depending on the platform you are on, choose your configuration path.
SCP Configurations after Installing Innovapptive Products
This section guides you with the required SCP Configurations after installing Innovapptive Mobile Products.
SMP Configurations after Installing Innovapptive Products
This section guides you with the required SMP Configurations after installing Innovapptive Mobile Products.
- Access SMP Management Cockpit
  Use SMP Management Cockpit to deploy, manage, and monitor SMP-based applications, user registrations, and device connections.
- Define Application Authentication
  Define authentication for your applications that are being deployed on SMP.
- Authenticate users using HTTP Authentication
  Configure Innovapptive products on SMP Server and set up HTTP communication between SMP and Gateway System.
- Authenticate users using HTTPs Authentication
  Set up HTTPs communication between SMP and Gateway System.
  - Establish trust between SMP and Gateway
    To establish trust between SMP and Gateway servers using HTTPs communication channel, do the following:
    - Export Gateway Certificate
    - Import Gateway Certificate to SMP Server
    - Generate Root Certificate for HTTPs Authentication using OpenSSL
      SMP default certificates do not work for HTTPs connections. You can use OpenSSL to generate RootCA and corresponding technical certificates for mutual setup or use Internal PKI Server for generating certificates.
    - Import OpenSSL Certificate to SMP Certificate
      Import a Root Certificate and Technical Certificate to the SMP Key store. The certificates are generated from the Innovapptive Internal CA Server.
    - Import Technical Certificate to Local SMP Certificate
      This is a local certificate and valid only on the local system. This is used as an authentication parameter for mutual trust between SMP and GW.
    - Import Root and Intermediate Certificate to Shared KeyStore Entries
      This certificate establishes a mutual connection with SMP and backend system. The same certificate is imported into the Gateway Sandbox.
    - Import the SMP Root CA to Gateway System
      Import SAMA Internal Root CA RootCA.cer into the Gateway Sandbox to complete the mutual trust setup.
  - Create security profile for HTTPs Authentication
    Create security profile for Basic HTTPs Authentication with SSO2 Tokens.
  - Create an Application using HTTPs Authentication
  - Test HTTPs authentication using REST client
- Authenticate users using LDAP Server
  Authenticate an end user using LDAP Authentication and manage communication between SMP and Gateway system using HTTPs ports.
- Authenticate users using SAML Authentication
  Authenticate an end user using SAML/ADFS Server and manage communication between SMP and Gateway system using HTTPs ports.
- Authenticate users using X.509 Authentication
  Authenticate an end user using X.509 Server and manage communication between SMP and Gateway system using HTTPs ports.
- Integrate SMP with Azure AD
- Configure Push Notifications for SMP
  Field workers gets an alert when an item to which he /she is tagged to is created or modified. However, if the app is not launched on the device, they do not receive these alerts. You must configure Push Notifications to send the alerts to the workers even when the app is not opened in the device.
- Manage Resource File in SMP
  Resource File in SMP helps you centrally administer and manage common settings.
Configure Roles and Authorization for Products
Configure roles and provide authorizations to do tasks using Innovapptive products.

Generate Root Certificate for HTTPs Authentication using OpenSSL

SMP default certificates do not work for HTTPs connections. You can use OpenSSL to generate RootCA and corresponding technical certificates for mutual setup or use Internal PKI Server for generating certificates.

Use this Root Certificate for the child/signed certificates to be recognized by the server/client. You need CA Server and Mobile Device Management for certificate distribution. Before proceeding, ensure you have:

OpenSSL Software installed. You can use the link to download: https://www.openssl.org/.
These details to generate Certificate for SMP Server
- Country Name—Country where you have the SMP Server
- State or Province Name
- Locality Name
- Organization Unit
- Organization Unit Name
- Common Name
- Email ID – Optional
SMP Keystore password

Assumptions

You have discussed with Innovapptive and your organization about the HTTPs setup and certificate replacements. You have a backup of the entire SMP Software including certificates. You are aware of OpenSSL standards.
Your organization has decided to use OpenSSL certificates instead of your Organizations PKI & RootCA.

If your organization has an internal PKI System, use it to generate the certificates signed by your Organization RootCA.

To create RootCA for SMP using OpenSSL:

Open Command Prompt and navigate to OpenSSL-Win64\bin.
Run these commands:
1. openssl genrsa -des3 -out RootCertificate.key 2048
  Note: Your password should be same as SMP Keystore Password.
2. openssl req -new -x509 -days 9999 -key RootCertificate.key -out RootCertificate.crt
3. openssl genrsa -des3 -out smp.key 2048
4. openssl req -new -key smp.key -out smp.csr
5. Openssl x509 -req -days 365 -in smp.csr -CA RootCertificate.crt -CAkey RootCertificate.key-set_serial 01 -out smp.crt
6. openssl pkcs12 -export -clcerts -in smp.crt -inkey smp.key -out smp.p12