on 05-21-2014 12:27 PM
Hi Folks,
We are setting up our new WD i.e. of release 741 in our windows 2012 server and now we have to activate https.
Now our Network team is saying they can provide the wild card certifcate (comodo) and that need to be import in the system. Can you please guide me with the steps in this regard.
I am confused now
earlier we used to follow the below steps, but as per the network team, as we have wild card certificate (.pfx) then there is no need to create the certifcate and send it to get signed. We just need to import the certifcate and create credentials.
Install the SAP Cryptographic Library on the SAP Web Dispatcher.
I would appreciate if you can help to get a clear step of configuratuion in this regard.
Thanks & Regards,
Satyabrat
Use import_p12, see Creating SAPSSLS.pse with certificates generated in openssl - Basis Corner - SCN Wiki and for details.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samuli,
Thanks for the helpful links. In my case I need not to create or generate certificate, as I am getting a certificate (certificate.pfx) from my IT team which is already signed by comodo and its a wildcard certificate.
In this scenario I only have to import the certificate using below command after the installation, and after https should work fine, please correct me if I am wrong or I am missing anything.
sapgenpse import_p12 -p SAPSSLS.pse certificate.pfx
BR,
Satyabrat
Hi Samuli,
Yes i.e again a point of concern, when I checked with the IT team on the .pfx file, they are saying, the file itself contains intermediate and root certificate in it. I also had checked the same, when I unzip the file I got these certificates.
According to them if I will import the .pfx file all the certificate will get import automatically. and no need to import it individually.
So here the question is whether it works like this. I am not sure on this part.
BR,
Satyabrat
Thanks Samuli
Now I want to access my portal system using webdispatcher,
What are the parameter need to be setup. My profile parameters looks as below but stll I can't access my portal system
# Accesssability of Message Server
#-----------------------------------------------------------------------
rdisp/mshost = <Hostname EnterprisePortal>
ms/http_port = 8101
ms/https_port = 8443
#-----------------------------------------------------------------------
# Configuration for medium scenario
#-----------------------------------------------------------------------
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTP,PORT=6666
#icm/server_port_1 = PROT=HTTP,HOST=localhost,PORT=81$$
icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=81$$
icm/server_port_1 = PROT=HTTP,PORT=7777,TIMEOUT=900,PROCTIMEOUT=900
icm/server_port_2 = PROT=HTTPS,PORT=8443,TIMEOUT=900,PROCTIMEOUT=900
icm/keep_alive_timeout = 900
icm/host_name_full = <Hostname webdisptacher>.abc.com
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Start_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
#---------------------------------------------------------------------------------------
# Parameters for the SAP Cryptographic Library
#---------------------------------------------------------------------------------------
ssl/ssl_lib = E:\usr\sap\QWT\W01\sec\sapcrypto.dll
ssl/server_pse = E:\usr\sap\QWT\W01\sec\SAPSSLS.pse
#_-----------------------------------------------------------------------
I can access my system through url
<Hostname webdisptacher>.abc.com:50000/irj/portal
Thanks & Regards,
Satyabrat
1. backup current PSE file
<hostname>:/usr/sap/<SID>/W00/sec # cp SAPSSLS.pse SAPSSLS.pse.bak
2. upload new PSE file (2148457 - How to convert the keypair of a PKCS#12 / PFX container into a PSE file)
3. restart Web dispatcher
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.