cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Webdispatcher with end-to-end SSL

Go to solution
Former Member

on ‎06-14-2012 12:14 AM

0 Kudos

I am currently configuring a webdispatcher with end to end SSL config for a NWCE CI with 2 app servers running SAP Sourcing 7.0. 

Does anyone have a good write up on how the configuration is to be done?  Please don't refer to the SAP help pages, as I have already gone through that. 

I have put the parameters in, but when coming in with HTTPS, the connection is not getting established on the webdispatcher.

here are the errors in the dev_webdisp file:

Thr 2588] *** ERROR => RoutePlgAttachToNewServer: IcrAttachToServer(75.176.70.225) for group HTTPS: rc=13 [route_plg.c  1220]

[Thr 2588] *** ERROR => RoutePlugInStartConn: RoutePlgAttachToNewServer(75.176.70.225): rc=-1 [route_plg.c  659]

[Thr 2588] *** ERROR => IcmConnInitServer: PluginStartConn failed (rc=701) [icxxconn.c   1477]

[Thr 824] *** ERROR => RoutePlgAttachToNewServer: IcrAttachToServer(75.176.70.225) for group HTTPS: rc=13 [route_plg.c  1220]

[Thr 824] *** ERROR => RoutePlugInStartConn: RoutePlgAttachToNewServer(75.176.70.225): rc=-1 [route_plg.c  659]

[Thr 824] *** ERROR => IcmConnInitServer: PluginStartConn failed (rc=701) [icxxconn.c   1477

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-14-2012 5:18 AM
0 Kudos

Hi Jayson,

From your problem, it looks like that Web dispatcher is working fine for http. Hence you should have done below steps :

1) Configure web dispatcher logon group

2) Activate public ICF nodes

3) Create web duspatcher profile.

4) Ensure that ports are assign correctly in below parameters:

icm/server_port_0 = PROT=HTTP,PORT=445<XX>,TIMEOUT=…

icm/server_port_1 = PROT=HTTPS,PORT=446<XX>,TIMEOUT=…

icm/server_port_2 = PROT=ROUTER,PORT=447<XX>,TIMEOUT=…

icm/server_port_3 = PROT=HTTPS,PORT=448<XX>,TIMEOUT=…

icm/HTTP/admin_0 = PORT=448<XX>,PREFIX=…

5) Maintained web dispatcher start stop commands in Start profiles.

If you only have problem with https, SSL Libraries and PSE files required. You should installed crypgraphic libraries & generate PSE file with transaction Strustsso2.

To Update SSL Client PSE with SSL Server Public Keys:

1) set wdisp/ssl_encrypt = 2

2) Manually import SSL server Public keys as web dispatcher acts as an SSL client.

Check below screens for step 2.

Regards

Vishal

Show replies
Show replies
Former Member
‎06-14-2012 2:19 PM
0 Kudos

Vishal,

The webdispatcher is in front of a NWCE JAVA only system so the ABAP doesn't apply to me. 

My webdispatcher is setup for end-to-end SSL using the PROT=ROUTER for port 443, so any HTTPS request that comes through, it just forwards it to the application server where it terminates.

The error i'm getting looks like the request is not being pushed to the backend application server correctly. 

Here is my webdispatcher profile, can you see anything missing?

SAPSYSTEMNAME = XXX

SAPGLOBALHOST = XXXXXXX

SAPSYSTEM = 00

INSTANCE_NAME = W00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_CT_RUN)

DIR_PROFILE = $(DIR_INSTALL)\profile

_PF = $(DIR_PROFILE)\CWD_W00_XXXXXX

SETENV_00 = PATH=$(DIR_EXECUTABLE);%(PATH)

#-----------------------------------------------------------------------

# Accesssability of Message Server

#-----------------------------------------------------------------------

rdisp/mshost = XXXXX

ms/http_port = 8101

ms/https_port = 443

#-----------------------------------------------------------------------

# Configuration for medium scenario

#-----------------------------------------------------------------------

icm/max_conn = 500

icm/max_sockets = 1024

icm/req_queue_len = 500

icm/min_threads = 10

icm/max_threads = 50

mpi/total_size_MB = 80

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTP,PORT=81$$

icm/server_port_1 = PROT=HTTP,PORT=80,TIMEOUT=3600,PROCTIMEOUT=3600

icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=60,PROCTIMEOUT=60

#-----------------------------------------------------------------------

# Start webdispatcher

#-----------------------------------------------------------------------

_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Start_Program_00 = local $(_WD) pf=$(_PF)

icm/HTTP/redirect_0 = PREFIX=/, FOR=XXXXXXXXXXXXXXX, TO=/sourcing/fsvendor/vendordesktop/login

wdisp/HTTPS/dest_logon_group = HTTPS

ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

sec/libsapsecu = $(ssl/ssl_lib)

ssf/ssfapi_lib = $(ssl/ssl_lib)

Former Member
‎06-14-2012 5:33 PM
0 Kudos

Fixed on my own.  disabled the logon group parameter and requests began being routed correctly.

Answers (0)

Ask a Question