01-21-2009 1:09 PM
Hi,
For our SAP BW system running on host serv_01 we would like to use a more functional hostname for the enduser access, e.g. sapbw. For this we have created an alias in the dns: sapbw, pointing to serv_01.
The idea is that end users will then use sapbw in their URLs to access the system, e.g. http(s)://sapbw/sap/bw/BEx in stead of http(s)://serv_01/sap/bw/BEx. For http access this goes fine. However, when using https we encounter certificate problems. Internet explorer is giving certificate errors mentioning that the hostname mentioned in the certificate (probably serv_01?) is not the hostname in the url (sapbw).
Did anyone try to use such a functional hostname with an alias to the technical hostname and succeeded in this? Any other ideas?
Thanks,
Regards,
Bart
01-21-2009 1:58 PM
The CN part of the subject must equal the server name. This rule is enforced by all browsers to thwart man-in-the-middle attacks using the DNS and forms an important part of the security SSL (or TLS) offers (although there are always ways around it, of course). So just issue the server a certificate with the correct name and you're done.
01-21-2009 1:58 PM
The CN part of the subject must equal the server name. This rule is enforced by all browsers to thwart man-in-the-middle attacks using the DNS and forms an important part of the security SSL (or TLS) offers (although there are always ways around it, of course). So just issue the server a certificate with the correct name and you're done.
01-21-2009 2:28 PM
Hi Sietze,
Thanks for your answer. I indeed have things working at this moment. Problem was that I performed some previous tests and internet explorer still had some certificates loaded, causing the error messages. As you already mentioned the CN in the certificate should describe the hostname in the url. This brings us to another problem. We would like a smooth transition from the old name serv_01 to sapbw. To prevent lots of service desk calls we would temporary like both urls to point to the same BW system.
Thus:
and
To point to the same BW system (with only one server).
However, then we would face the CN problem in the certificate. Is there any easy way to make this work? Or should we temporarely install 2 SAP Web Dispatchers on seperate servers, which redirect to the BW system?
Thanks,
Bart.
01-22-2009 12:58 PM
Why so hard? Just have an apache server on serv01 that redirects (after a certain period of time) to sapbw. You can then also display a message to users explaining things. Of course, the solution with both web dispatchers will also work.
06-02-2009 6:55 AM