Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web Dispatcher and SSL

Former Member

‎12-05-2012 2:13 PM

0 Kudos

Dear all,

I have the following situation. I am using Web Dispatcher 7.20 in front of a two application servers PI 7.30 system. Both Web Dispatcher and PI system are inside my LAN but they need to receive https requests from customers from the public internet. The network team here have supplied me with an "external" hostname for my Web Dispatcher. This can be called from the public internet and through NAT, it can reach my Web Dispatcher.

The external hostname and the Web Dispatcher have same hostnames but different domains therefore different FQDNs, for example:

External Hostname: hostname1.external.com

Web Dispatcher: hostname1.internal.com

My clients from the public internet will be calling https://hostname1.external.com/ which through NAT will go to https://hostname1.internal.com

The SSL will terminate at the SAP Web Dispatcher, therefore the communication from the SAP Web Dispatcher to the PI application servers will be http.

I understand I need to request an SSL certificate and install it in the SAP Web Dispatcher. When I create the request, I will supply the FQDN of the SAP Web Dispatcher (hostname1.internal,com).  I am concerned that because of the different FQDNs of the external and internal , the https://hostname1.external.com will not succeed.

Any suggestions please?

Many thanks

Andreas

3 REPLIES 3

Former Member

‎12-06-2012 3:51 AM

0 Kudos

Not sure but I think you can issue the certificates on the IP rather issuing them on the FQDN or have the root certificates placed in the web dispatcher so that chain is complete and mismatch dosent happen.

This my guess - let me know your views

Thanks,

Dev

Former Member

‎12-11-2012 3:28 PM

0 Kudos

Have you tried adding a SAN (subject alternative name) to the certificate? So, having https://hostname1.internal.com as the primary FQDN and https://hostname1.external.com as the SAN? I think this could work.

If the solution is high available, I would be careful with using IP addresses as it could lead to issues in fail over situations.

Kind regards,
Maaike

Former Member
In response to Former Member

‎12-12-2012 2:42 AM

0 Kudos

agree with Maaike - there could be issues.

Thanks,

Dev