12-05-2012 2:13 PM
Dear all,
I have the following situation. I am using Web Dispatcher 7.20 in front of a two application servers PI 7.30 system. Both Web Dispatcher and PI system are inside my LAN but they need to receive https requests from customers from the public internet. The network team here have supplied me with an "external" hostname for my Web Dispatcher. This can be called from the public internet and through NAT, it can reach my Web Dispatcher.
The external hostname and the Web Dispatcher have same hostnames but different domains therefore different FQDNs, for example:
External Hostname: hostname1.external.com
Web Dispatcher: hostname1.internal.com
My clients from the public internet will be calling https://hostname1.external.com/ which through NAT will go to https://hostname1.internal.com
The SSL will terminate at the SAP Web Dispatcher, therefore the communication from the SAP Web Dispatcher to the PI application servers will be http.
I understand I need to request an SSL certificate and install it in the SAP Web Dispatcher. When I create the request, I will supply the FQDN of the SAP Web Dispatcher (hostname1.internal,com). I am concerned that because of the different FQDNs of the external and internal , the https://hostname1.external.com will not succeed.
Any suggestions please?
Many thanks
Andreas
12-06-2012 3:51 AM
Not sure but I think you can issue the certificates on the IP rather issuing them on the FQDN or have the root certificates placed in the web dispatcher so that chain is complete and mismatch dosent happen.
This my guess - let me know your views
Thanks,
Dev
12-11-2012 3:28 PM
Have you tried adding a SAN (subject alternative name) to the certificate? So, having https://hostname1.internal.com as the primary FQDN and https://hostname1.external.com as the SAN? I think this could work.
If the solution is high available, I would be careful with using IP addresses as it could lead to issues in fail over situations.
Kind regards,
Maaike
12-12-2012 2:42 AM