cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to configure SAP webdispatcher for SSL when using multiple URL's ?

Go to solution
Former Member

on ‎12-16-2008 9:01 PM

0 Kudos

Hi,

We are trying to get multiple URL's to access our BSP applications over one webdispatcher.

fi. https://xxx.business1.com/applic1 &

https://yyy.business2.com/applic2

Both URL's are directed to the same webdispatcher where we end the SSL.

From the webdispatcher we go over HTTP to the message server to allow for load balancing.

Everything is working fine except for the validation of the certificate for yyy.business2.com .

Problem is that even with a certificate list (so multiple certificates loaded on the PSE file) the webdispatcher will only validate the first certicate added on the PSE file.

How can we setup the architeture with webdispatcher so that it allows multiple URL's over HTTPS, so with multiple certificates ?

Thanks !!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-16-2008 9:16 PM
0 Kudos

I have never tired to use multiple SSL certs in one PSE, but it is possible resolve your situation without it.

Install 2 instances of web dispatcher and let one listen for hostname xxx.business1.com

icm/server_port_0 = PROT=HTTPS,PORT=443,TIMEOUT=900,HOST=xxx.business1.com

and another for yyy.business2.com:

icm/server_port_0 = PROT=HTTPS,PORT=443,TIMEOUT=900,HOST=yyy.business2.com

Each one will have its own PSE and will listen and respond only for the appropriate hostname call.

This solution actually gives you more flexibility managing web connections.

Regards,

Slava

Show replies
Show replies
Former Member
‎12-17-2008 8:51 AM
0 Kudos

Hi,

Your solution will work but you need 2 different machines (1 for each web dispatcher). Otherwise, you will have to use different ports.

For the initial question I would try to open an OSS message but I am pessimistic for the results...

What I would do even it is much more complicated is to use Apache as a reverse proxy in front of the web dispatcher.

Regards,

Olivier

Former Member
‎12-17-2008 1:41 PM
0 Kudos

Olivier:

No need for 2 different machines or ports!

One NIC can easily support multiple IPs.

Each hostname is attached to a separate IP and there is no conflict.

I have 8 webdispatchers co-located on one server listening on the same port for 2 years now.

It works.

Peter:

If you use Apache as a reverse proxy, there is no need for Web Dispatchers.

Apache can do both reverse proxy and SSL termination for each of your hostnames.

I would stick with 2 web dispatchers, because it is easier to configure and you will have SAP support for the entire solution, since Web Dispatcher is an SAP product.

Regards,

Slava

Edited by: Slava Plyushchikov on Dec 17, 2008 11:00 AM

Former Member
‎12-18-2008 12:02 PM
0 Kudos

Hi,

>No need for 2 different machines or ports!

>One NIC can easily support multiple IPs.

>Each hostname is attached to a separate IP and there is no conflict.

Salva, of course you are right. I did not think about a multi IP server !

When using Apache as a reverse proxy, you still need a web disptacher if you want to use http load balancing on several application servers. But otherwise Apache is enough !

Regards,

Olivier

Former Member
‎12-18-2008 4:35 PM
0 Kudos

Salute Olivier,

Je suis tout à fait d'accord.

Because Peter mentioned two different hostnames, I thought he is trying to do SSL termination for 2 different SAP systems on one web disp, which means he does not do load balancing (web dispatcher can do load balancing only for one SAP system).

However, if he is using 2 aliases for the same SAP system and it has multiple nodes, there should be a web dispatcher behind Apache.

Another solution is two web dispatchers as was discussed before.

Regards,

Slava

Answers (1)

Answers (1)

Former Member
‎12-17-2008 11:46 AM
0 Kudos

Hi,

Thanks for Replying.

Do you happen to have a sample Apache configuration file ?

I think the trick would be to change the 2 hostnames fi. xxx.business1.com & yyy.business2.com

To one common on Apache fi. xyx.mydispatcher.com and add 1 certificate on the sapwebdispatcher onto this host.

Thanks

Show replies
Show replies
Ask a Question