on 03-25-2014 11:25 AM
Hello, I'm trying to configure SAP Web Dispatcher with SSL with re-encryption. I'm not interested in load balancing.
Systems info:
So far, I've done the following:
1- SSL Configuration in backend
a) Setting these parameters:
ssf/name
SAPSECULIB
ssl/ssl_lib
sec/libsapsecu
ssf/ssfapi_lib
icm/HTTPS/verify_client <---- Should I use 0, 1 or 2? The client should be the SAP Web disp, right? So I guess 2?
icm/server_port_<x>
b) Create Private key and Certificates and generate CSR certificate --> using STRUST
c) Import digitally signed entrust certificates into ABAP AS --> using STRUST
2 - SAP Web Dispatcher Installation and set the normal parameters
3 - Install the SAP Cryptographic Library in the SAP Web Dispatcher
4 - Creating the PSEs and Certificate Requests: SSLS (Server) and SSLC (Client) --> using sapgenpse in SAP Web Dispatcher
5 - Sending the Certificate Requests to a CA (I'm using SAP Test SSL)
6 - Importing the Certificate Request Responses --> using sapgenpse in SAP Web Dispatcher
7 - Creating Credentials for the SAP Web Dispatcher --> using sapgenpse in SAP Web Dispatcher
8 - Setting these parameters in the SAP Web Dispatcher profile for SSL:
DIR_INSTANCE = <secudir Path>
ssl/ssl_lib = <secudir Path>sapcrypto.dll
ssl/server_pse = <secudir Path>\SAPSSLS.pse
ssl/client_pse = <secudir Path>\SAPSSLC.pse
icm/server_port_1 = PROT=HTTPS, PORT=<Port>, TIMEOUT=900
icm/HTTPS/verify_client = 0 --> I don't want clients from the Internet to provide a certificate
wdisp/ssl_encrypt = 1
wdisp/ssl_auth = 2
wdisp/ssl_cred = <secudir Path>\SAPSSLC.pse
ms/https_port = <same port set in NW backend>
So far, my questions are the following:
Regards,
JAM
Since you are re-encrypting, I'm assuming you are not using X.509 user certificates hence it doesn't make sense to use verify_client in the backend system either. Yes, you can use HTTP for metadata exchange meaning SSL is not required. As long as the backend system trusts the root CA of the Web Dispatcher client certificate, there is no need to upload anything to the backend system.
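A profile check for the settings listed in the question, as an added example that is not part of the original posts or of SAP's tooling: it parses Web Dispatcher profile text and flags misspelled parameter names and re-encryption settings that do not fit together. The value meanings used (wdisp/ssl_encrypt 1 or 2 encrypts the back-end connection; wdisp/ssl_auth = 2 takes its PSE from wdisp/ssl_cred) are assumptions, and the sample profile, paths and port are constructed.

```python
import difflib

# Parameter names as they appear in the profile posted above.
KNOWN = sorted({
    "DIR_INSTANCE", "ssl/ssl_lib", "ssl/server_pse", "ssl/client_pse",
    "icm/HTTPS/verify_client", "wdisp/ssl_encrypt", "wdisp/ssl_auth",
    "wdisp/ssl_cred", "ms/https_port",
})
PORT_PREFIX = "icm/server_port_"

def parse_profile(text):
    """Return {name: value} for 'name = value' lines; '#' lines are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)  # PROT=HTTPS keeps its '='
            params[name.strip()] = value.strip()
    return params

def check_reencryption(params):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for name in params:
        if name in KNOWN or name.startswith(PORT_PREFIX):
            continue
        close = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.85)
        if close:
            findings.append(f"{name}: unknown name, closest known is {close[0]}")
    ports = [v for k, v in params.items() if k.startswith(PORT_PREFIX)]
    if not any("PROT=HTTPS" in v.upper().replace(" ", "") for v in ports):
        findings.append("no icm/server_port_<x> entry with PROT=HTTPS")
    # Assumption: 1 or 2 means the connection to the back end is encrypted.
    if params.get("wdisp/ssl_encrypt") not in ("1", "2"):
        findings.append("wdisp/ssl_encrypt is not 1 or 2: back-end leg is not encrypted")
    # Assumption: 2 means the client PSE is the one named in wdisp/ssl_cred.
    if params.get("wdisp/ssl_auth") == "2" and not params.get("wdisp/ssl_cred"):
        findings.append("wdisp/ssl_auth = 2 but wdisp/ssl_cred is not set")
    return findings

# Constructed sample: one misspelled name and no wdisp/ssl_cred line.
SAMPLE = """\
ssl/server_pse = /secudir/SAPSSLS.pse
ssl/client_pse = /secudir/SAPSSLC.pse
icm/server_port_1 = PROT=HTTPS, PORT=44300, TIMEOUT=900
icm/HHTPS/verify_client = 0
wdisp/ssl_encrypt = 1
wdisp/ssl_auth = 2
"""

if __name__ == "__main__":
    print("\n".join(check_reencryption(parse_profile(SAMPLE))))
```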