X.509 certificate authentication thru Webdispatcher error

sam_venkat
Explorer
0 Kudos

We have a setup as follows:

SOAP client ==> HTTPS ==> Web Dispatcher (Terminates SSL + Re-encrypts) ==> HTTPS ==> Backend PI7.1

The setup is based on the help.sap.com topic "X.509-Based Logon to NW AS from SAP Web Dispatcher" for PI7.1. Even though the client forward parameter (icm/HTTPS/forward_ccert_as_header = true) is set in the Webdispatcher profile, it does not forward the certificate to the backend. Instead we get a basic authentication screen when we hit the webdispatcher URL. In the webdispatcher trace we see the error below. The webdisp is unable to add the cert to the HTTP header of the message going to the backend PI system.

[Thr 2736] <<- SapSSLGetPeerInfo(sssl_hdl=00000000247CE840)==SAP_O_K

[Thr 2736] HttpModGetDefRules: Client certificate received: with len=1773, subj="CN=xxxxxx", issuer="CN=xxxxx, O=xxxx, C=US", cipher="SSL_RSA_WITH_RC4_128_SHA"

[Thr 2736] HttpModGetDefRules: determined actions: 20

[Thr 2736] <<- SapSSLGetPeerInfo2(sssl_hdl=00000000247CE840)==SAP_O_K

[Thr 2736] result = "#certs= 3, keysize= 128, cipher= 0005"

[Thr 2736] HttpModHandler: add cert to headers: cert_array_len=3, cipher_id_len=2, cipher_size=128

[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]

[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]

[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]

[Thr 2736] cipher_suite: 0005

[Thr 2736] HttpModHandler: perform the actions: 20

[Thr 2736] MPI<4>1#4 GetOutbuf -1 7e2160 65536 (0) -> 00000000041421D0 131072000 MPI_OK

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi,

Your problem is interesting but strange!

I've checked the doc and the OSS notes and did not find any clues.

The only thing I would do before opening an OSS message with SAP is to check whether the cipher="SSL_RSA_WITH_RC4_128_SHA" is compatible with the SAP cryptolib.

It seems to be, because in the log the content of the client certificate looks to be decoded...

Have you tried to increase the trace level?

Regards,

Olivier

sam_venkat
Explorer
0 Kudos

Yes, this is the max trace level. Webdisp sees the cert but the encode is where the issue is.
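
A triage sketch for the trace discussed in this thread, added here as an example; it was not posted by any participant and is not SAP code. It groups Web Dispatcher trace lines by thread and reports whether a client certificate was received and whether adding it to the forwarded headers failed. The regular expressions are derived only from the lines quoted in the question, the function name and verdict strings are hypothetical, and the return code 26 is reported without being interpreted.

```python
import re
from collections import defaultdict

# Trace lines taken from the question above, with wrapped lines joined.
TRACE = """\
[Thr 2736] HttpModGetDefRules: Client certificate received: with len=1773, subj="CN=xxxxxx", issuer="CN=xxxxx, O=xxxx, C=US", cipher="SSL_RSA_WITH_RC4_128_SHA"
[Thr 2736] result = "#certs= 3, keysize= 128, cipher= 0005"
[Thr 2736] HttpModHandler: add cert to headers: cert_array_len=3, cipher_id_len=2, cipher_size=128
[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]
[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]
[Thr 2736] *** ERROR => HttpModHandler: base64encode failed(26) [http_rewrite 1535]
[Thr 2736] HttpModHandler: perform the actions: 20
"""

# Patterns assumed from the lines above; other releases may word them differently.
LINE = re.compile(r"^\[Thr (\d+)\]\s+(.*)$")
RECEIVED = re.compile(r'Client certificate received: with len=(\d+), subj="([^"]*)", issuer="([^"]*)"')
ADD_CERT = re.compile(r"add cert to headers: cert_array_len=(\d+)")
ENCODE_ERR = re.compile(r"\*\*\* ERROR => HttpModHandler: base64encode failed\((\d+)\)")

def new_state():
    return {"subject": None, "issuer": None, "cert_len": None,
            "chain_len": 0, "encode_errors": 0, "return_codes": set()}

def triage(trace):
    """Summarise, per worker thread, what happened to the client certificate."""
    threads = defaultdict(new_state)
    for raw in trace.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a thread-prefixed trace line
        state, msg = threads[int(line.group(1))], line.group(2)
        if (m := RECEIVED.search(msg)):
            state["cert_len"], state["subject"], state["issuer"] = int(m.group(1)), m.group(2), m.group(3)
        elif (m := ADD_CERT.search(msg)):
            state["chain_len"] = int(m.group(1))
        elif (m := ENCODE_ERR.search(msg)):
            state["encode_errors"] += 1
            state["return_codes"].add(int(m.group(1)))
    for state in threads.values():
        if state["subject"] is None:
            state["verdict"] = "no_client_cert_seen"
        elif state["encode_errors"]:
            state["verdict"] = "cert_seen_but_not_added_to_headers"
        else:
            state["verdict"] = "cert_seen_no_encode_error"
    return dict(threads)

if __name__ == "__main__":
    for thr, s in triage(TRACE).items():
        print(thr, s["verdict"], f'{s["encode_errors"]}/{s["chain_len"]} certs failed', s["subject"])
```

For the quoted trace this reports one encode failure per certificate in the three-certificate chain, which matches the backend falling back to a basic authentication prompt.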