03-24-2011 2:52 PM
Greetings,
We are planning to configure SSL in our portal environment.
Scenario 1: User (From Internet) ->(HTTPS)-> Apache Reverse Proxy ->(HTTPS)-> Web Dispatcher (SSL Termination and re-encryption) ->(HTTPS)-> Portal
Scenario 2: User (From Intranet) ->(HTTPS)-> Web Dispatcher (SSL Termination and re-encryption) ->(HTTPS)-> Portal
Can anyone please let me know at what level I need to configure SSL and how do I proceed in both scenarios? Do I have to install SSL at portal, web dispatcher or at Apache level? Will SSL termination work for scenario 2?
Any help would be appreciated.
Thanks,
Sham
03-25-2011 11:30 AM
Hi
check this wiki,it explains proxy config in detail.[http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies]
Also if you are going for Secured environment,you will have to enable SSL for all the system accessible through portal using SSO.
SSL communication can be a bit slow ,so i won't recommend it for internal facing portal.
Regards
03-24-2011 4:47 PM
The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
what level I need to configure SSL and how do I proceed in both scenarios?
Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
how do I proceed in both scenarios?
From a portal perspective, the configuration should remain the same.
Do I have to install SSL at portal, web dispatcher or at Apache level?
SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
See the following for possible SSL implementation options:
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
https://cw.sdn.sap.com/cw/docs/DOC-115509
Will SSL termination work for scenario 2?
Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
I would recommend you to take a step by step (backward approach).
First, enable SSL on your portal and make sure it works - going directly to the server.
Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
Finally - you can test the end to end flow - with your Reverse proxy involved.
- Shanti
03-25-2011 11:30 AM
Hi
check this wiki,it explains proxy config in detail.[http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies]
Also if you are going for Secured environment,you will have to enable SSL for all the system accessible through portal using SSO.
SSL communication can be a bit slow ,so i won't recommend it for internal facing portal.
Regards