Web Dispatcher Cascade - SSL configuration
I have successfully configured a Web Dispatcher Cascade. Now I want to setup SSL for this scenario.
Can anybody provide useful information / tutorials / blogs / best practices for this issue?
If I am right I cannot use End-To-End SSL. So I have to terminate SSL on every Web Dispatcher.
In addition to this I configured the second (inner) Web Dispatcher to connect to many systems depending on the port using the
wdisp/system_1 = SID=ER1, MSHOST=saperp1, MSPORT=8100, SRCSRV=*:8010
What about Metadata Exchange Using SSL? Is this possible in such a scenario?
Olivier CHRETIEN replied
Is it true, that I should use a "real" (not self-signed) certificate only for the Web Dispatchter accessed from the internet? Can I use self-signed certificates for the other connections (WEBAS <
> WD2 <> WD1)?
I think so but you will have to import the self-signed certificate of WD2 in the PSE of WD1.
Could you provide an example configuration for this scenario? Which parameters are important and should be considered?
Sorry, I 've never cascaded 2 web dispatchers.
In this case I would prefer to use a certificate from SAP CA for this Web Dispatcher. Is the corrensponding root certificate available in common browsers?
No, SAP CA is not a well known CA...
You say you are using an Apache Reverse Proxy. What is the advantage over using the Web Dispatcher (if there is any)?
Well, as the web dispatcher was not "qualified" by our security team, I had no choice but to use Apache...
One advantage was to be able to rewrite URLs and to use the same Apache for an SRM and a PI backoffice system.
Is it possible to hide / rewrite URLs there like:
https://mydomain.com/sap/bc/gui/sap/its/webgui to https://mydomain.com/webgui ?
Yes, with Apache and Web dispatcher 7.2. Before 7.2, it was only possible to use URL redirects.