cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP CRM WEB SHOP SSL OFFLOAD

Former Member

on ‎01-16-2012 12:54 PM

0 Kudos

Hi Guru's

We are implementing SAP CRM WEBSHOP on SAP CRM 6.0 with NW 7.0 SP18.The customer has a policy that all SSL offloading should be done via their hardware firewall appliance for SSL Offloading.

The solution uses Apache2 servers for reverse proxy linked to a SAP Web Dispatcher which load balances across the SAP Application Servers hosting the SAP CRM functionality.

My question is does SAP support the SSL Offload onto Hardware Firewall devices and if so could you share the configuration steps required to achieve this.

Best regards and thanks in advance

Willem

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

mvoros
Active Contributor
‎01-17-2012 1:50 AM
0 Kudos

Hi,

not sure what you mean by SSL Offload onto Hardware Firewall but SAP application server can accept HTTP and HTTPS connections. Same is true for web dispatcher. You can put whatever you want in front of them and it should work. That's the beauty of web. It's easy to compose things. I used nginx and lighthttpd as a reverse proxy to SAP application server and I had not problems at all. In both cases I did not use web dispatcher as load balancer. All config was specific to reverse proxy. There was no need to modify SAP configuration.

Cheers

Show replies
Show replies
Former Member
‎01-17-2012 10:05 AM
0 Kudos

Hi Martin

Thanks for the reply

The SSL offload portion refers to the customer wanting to use its hardware firewall device as the SSL termination point for sessions to and from the SAP CRM WEB SHOP application.

Meaning the firewall device will negotiate and establish an https session with the clientu2019s browser and terminate the session on the firewall device then pass back to the Apache2 reverse proxy normal http which in turn passes the session to the web dispatcher and SAP application servers.

During initial testing we could not connect to the Web Shop application via an https session, which lead me to log this message to understand if its supported and what configuration is required.

Best regards

Willem

mvoros
Active Contributor
‎01-17-2012 10:17 PM
0 Kudos

Hi,

theoretically it should work If you don't need to use web dispatcher for load balancing then I would get rid off it to simplify your landscape. Have you tried to trace where it fails? I guess monitoring logs of Apache and web dispatcher should help you to figure out what block your connections.

Cheers

Ask a Question