on 03-05-2012 7:52 AM
Hi,
I have 1 webdispacher 7.2 server & 1 solman system.
I want internet web connections to solman web (https 8101) have to bassby webdispatcher server firstly - SAP Web Dispatcher 7.2 is configured for End-to-End SSL for simplicity
Here's Webdispatcher profile's content:
-
unique instance number
SAPSYSTEM = 1
wdisp/shm_attach_mode = 6
add default directory settings
DIR_EXECUTABLE = D:\usr\sap
DIR_INSTANCE = D:\usr\sap
configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#Standard SSL configuration
ssl/ssl_lib = D:\usr\sap\sapcrypto.dll
ssl/server_pse = D:\usr\sap\SAPSSLS.pse
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 25
wdisp/max_servers = 100
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
#WDP server ports:
icm/server_port_0 = PROT=ROUTER,PORT=60000,TIMEOUT=120
icm/server_port_1 = PROT=HTTPS,PORT=0
#WDP 7.20 can connect to different systems, the following parameter was set:
wdisp/system_0 = SID=SOL,MSHOST=solserver.abc.com,MSSPORT=8101,SRCSRV=:443*
#Metadata exchange should be done via HTTPS:
wdisp/server_info_protocol = https
#HTML dump into trace (for production: trace level 1 ()default; for testing: trace level 3):
icm/trace_secured_data = 1
rdisp/TRACE = 3
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
-
When I run command sapwebdisp.exe pf=sapwebdisp.pfl -checkconfig, it shows error as following:
-
...
Server info will be retrieved from host: solserver.abc.com:8101 with protocol: https
Checking connection to message server of system SOL...
[Thr 3596] Mon Mar 05 02:45:17 2012
[Thr 3596] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERR
OR_CONNECTION_LOST
[Thr 3596] session uses PSE file "D:\usr\sap\SAPSSLS.pse"
[Thr 3596] No Secude Error present in trace stack!
[Thr 3596] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 3596] SSL NI-sock: local=192.168.111.1:3492 peer=172.18.2.200:8101
[Thr 3596] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000000656530)==SSSLERR_SSL
_CONNECT
ERROR: SapSSLSessionStart failed SSSLERR_SSL_CONNECT(-57)
Check ended with 1 errors, 0 warnings
-
I think if I use Webdisp End-2-End SSL, the webdispatcher should only forward SSL request to message server; why does it use its own SAPSSLS.pse to connect to the message server. What should I do to solve the SSL error?
Thanks,
> I think if I use Webdisp End-2-End SSL, the webdispatcher should only forward SSL request to message server; why does it use its own SAPSSLS.pse to connect to the message server. What should I do to solve the SSL error?
Hi,
Because you set
#Metadata exchange should be done via HTTPS:
wdisp/server_info_protocol = https
which means that the connection from the web dispatcher to the message server uses https.
It is different from the connection from the web browser to solman.
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Sorry: icm/server_port_0 = PROT=ROUTER,PORT=60000,TIMEOUT=120
--> icm/server_port_0 = PROT=ROUTER,PORT=443,TIMEOUT=120
wdisp/server_info_protocol = https because wdisp/system_0 = SID=DE1,MSHOST=solserver.abc.com,MSSPORT=8101,SRCSRV=*:443 (8101 : https).
I'm wondering that SSL at solman server has no relation to SSL at webdisp server; is it right? And for Webdisp End-2-End SSL scenario, I only have to make sure SSL at solman run well?
Hi Toan,
In matter of fact, in your current configuration you don't have any configuration of SSL server on Web Dispatcher. The requests that contain SSL and connects to the Web Dispatcher are forwarded directly to the SolMan system. Your assumption is correct, if you have end-to-end SSL, you only have to make sure that the SSL on SolMan stand healthy.
As Olivier described earlier, the reason why you receive the SSL errors is because you are using SSL for communicating between the Web Dispatcher and the message server.
Cheers,
Maurício
User | Count |
---|---|
71 | |
26 | |
10 | |
9 | |
7 | |
6 | |
4 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.