Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSL with different hostname

BSG
Active Participant
0 Kudos

Hi,

For our SAP BW system running on host serv_01 we would like to use a more functional hostname for the enduser access, e.g. sapbw. For this we have created an alias in the dns: sapbw, pointing to serv_01.

The idea is that end users will then use sapbw in their URLs to access the system, e.g. http(s)://sapbw/sap/bw/BEx in stead of http(s)://serv_01/sap/bw/BEx. For http access this goes fine. However, when using https we encounter certificate problems. Internet explorer is giving certificate errors mentioning that the hostname mentioned in the certificate (probably serv_01?) is not the hostname in the url (sapbw).

Did anyone try to use such a functional hostname with an alias to the technical hostname and succeeded in this? Any other ideas?

Thanks,

Regards,

Bart

1 ACCEPTED SOLUTION

Former Member
0 Kudos

The CN part of the subject must equal the server name. This rule is enforced by all browsers to thwart man-in-the-middle attacks using the DNS and forms an important part of the security SSL (or TLS) offers (although there are always ways around it, of course). So just issue the server a certificate with the correct name and you're done.

4 REPLIES 4

Former Member
0 Kudos

The CN part of the subject must equal the server name. This rule is enforced by all browsers to thwart man-in-the-middle attacks using the DNS and forms an important part of the security SSL (or TLS) offers (although there are always ways around it, of course). So just issue the server a certificate with the correct name and you're done.

BSG
Active Participant
0 Kudos

Hi Sietze,

Thanks for your answer. I indeed have things working at this moment. Problem was that I performed some previous tests and internet explorer still had some certificates loaded, causing the error messages. As you already mentioned the CN in the certificate should describe the hostname in the url. This brings us to another problem. We would like a smooth transition from the old name serv_01 to sapbw. To prevent lots of service desk calls we would temporary like both urls to point to the same BW system.

Thus:

https://serv01/sap/bw/bex

and

https://sapbw/sap/bw/bex

To point to the same BW system (with only one server).

However, then we would face the CN problem in the certificate. Is there any easy way to make this work? Or should we temporarely install 2 SAP Web Dispatchers on seperate servers, which redirect to the BW system?

Thanks,

Bart.

Former Member
0 Kudos

Why so hard? Just have an apache server on serv01 that redirects (after a certain period of time) to sapbw. You can then also display a message to users explaining things. Of course, the solution with both web dispatchers will also work.

BSG
Active Participant
0 Kudos

Decided to use a dns alias.