ABAP SSL setup, multiple dialog instances, hostnam...

former_member101929 · ‎04-01-2011

Hello all. We are trying to enable SSL in our ABAP systems. We've had some good luck testing with test certs, however those certs had a wildcard for the server name. Now that we've actually purchased a cert with a specific name, we are getting hostname mismatch errors because the name is set to the message server, and when the URL is accessed the URL changes to one of the dialog instances.

So for example, the URL is util.city.com, when that URL is used, the message server forwards to util-ci1.city.com, or util-di1.city.com, and we get the hostname mismatch. I understand why, I know the names have to match exactly, but I can't imagine we're the first folks to have this issue.

I did try the parameter wdisp/ssl_certhost = util.city.com in the instance profiles, but it didn't have any effect. Do we need to obtain a cert for one of the dialog instances, and use this parameter to define it for all other dialog instances? We thought about just getting a cert for one di and sending all requests there, but it would be a shame to lose the ability to load balance.

I would greatly appreciate any advice. Thank you.

Former Member · ‎04-01-2011

Hi,

I use a SAP Web Dispatcher installed on the CI server for HTTP load balancing.

My solution to your problem, is to end the SSL connections on the Web Dispatcher. Therefore I just need one single signed certificate for the web dispatcher : problem solved !

Regards,

Olivier

martin_voros · ‎04-01-2011

Hi,

in his case he does not even need to terminate SSL connection. The problem with message server is that it changes hostname but that does not happen with web dispatcher.

You can just install your cert on each box, use parameter wdisp/ssl_certhost to set hostname to util.city.com and then do load balancing using web dispatcher. The client will connect only to web dispatcher so url won't change.

Cheers

ABAP SSL setup, multiple dialog instances, hostname mismatch issues.