cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Wild Card certificate for Web dispatcher

Go to solution
Former Member

on ‎05-21-2014 12:27 PM

0 Kudos

Hi Folks,

We are setting up our new WD i.e. of release 741 in our windows 2012 server and now we have to activate https.

Now our Network team is saying they can provide the wild card certifcate (comodo) and that need to be import in the system. Can you please guide me with the steps in this regard.

I am confused now

earlier we used to follow the below steps, but as per the network team, as we have wild card certificate (.pfx) then there is no need to create the certifcate and send it to get signed. We just need to import the certifcate and create credentials.

Install the SAP Cryptographic Library on the SAP Web Dispatcher.


I would appreciate if you can help to get a clear step of configuratuion in this regard.

Thanks & Regards,

Satyabrat

Show replies
Show replies
priyas3
Discoverer
‎08-22-2019 10:26 AM
0 Kudos

Can you kindly confirm the steps of importing the Wild card SSL certificate in Webdispatcher.

I am facing the same scenario now.

Regards,

Priya

Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-21-2014 6:07 PM
0 Kudos

Use import_p12, see Creating SAPSSLS.pse with certificates generated in openssl - Basis Corner - SCN Wiki and for details.

Show replies
Show replies
Former Member
‎05-21-2014 6:33 PM
0 Kudos

Hi Samuli,

Thanks for the helpful links. In my case I need not to create or generate certificate, as I am getting a certificate (certificate.pfx) from my IT team which is already signed by comodo and its a wildcard certificate.

In this scenario I only have to import the certificate using below command after the installation, and after https should work fine, please correct me if I am wrong or I am missing anything.

sapgenpse import_p12  -p SAPSSLS.pse certificate.pfx



BR,

Satyabrat


Former Member
‎05-21-2014 6:36 PM
0 Kudos

Depending on the certificate you may need to also use -r for all intermediate and root certificates, as described in the documents. Once that is done, you will still have to configure credentials as per the Web Dispatcher documentation.

Former Member
‎05-21-2014 6:45 PM
0 Kudos

Hi Samuli,

Yes i.e again a point of concern, when I checked with the IT team on the .pfx file, they are saying, the file itself contains intermediate and root certificate in it. I also had checked the same, when I unzip the file I got these certificates.

According to them if I will import the .pfx file all the certificate will get import automatically. and no need to import it individually.

So here the question is whether it works like this. I am not sure on this part.

BR,

Satyabrat

Former Member
‎05-21-2014 6:59 PM
0 Kudos

If they are separate files you will have to use -r.

Former Member
‎05-22-2014 12:28 PM
0 Kudos

Thanks Samuli

Now I want to access my portal system using webdispatcher,

What are the parameter need to be setup. My profile parameters looks as below but stll I can't access my portal system

# Accesssability of Message Server

#-----------------------------------------------------------------------

rdisp/mshost = <Hostname EnterprisePortal>

ms/http_port = 8101

ms/https_port = 8443

#-----------------------------------------------------------------------

# Configuration for medium scenario

#-----------------------------------------------------------------------

icm/max_conn = 500

icm/max_sockets = 1024

icm/req_queue_len = 500

icm/min_threads = 10

icm/max_threads = 50

mpi/total_size_MB = 80

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTP,PORT=6666

#icm/server_port_1 = PROT=HTTP,HOST=localhost,PORT=81$$

icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=81$$

icm/server_port_1 = PROT=HTTP,PORT=7777,TIMEOUT=900,PROCTIMEOUT=900

icm/server_port_2 = PROT=HTTPS,PORT=8443,TIMEOUT=900,PROCTIMEOUT=900

icm/keep_alive_timeout = 900

icm/host_name_full = <Hostname webdisptacher>.abc.com

#-----------------------------------------------------------------------

# Start webdispatcher

#-----------------------------------------------------------------------

_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Start_Program_00 = local $(_WD) pf=$(_PF)

SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec

#---------------------------------------------------------------------------------------

# Parameters for the SAP Cryptographic Library

#---------------------------------------------------------------------------------------

ssl/ssl_lib = E:\usr\sap\QWT\W01\sec\sapcrypto.dll

ssl/server_pse = E:\usr\sap\QWT\W01\sec\SAPSSLS.pse

#_-----------------------------------------------------------------------

I can access my system through url

<Hostname webdisptacher>.abc.com:50000/irj/portal

Thanks & Regards,

Satyabrat

Former Member
‎05-22-2014 2:21 PM
0 Kudos

Create a new discussion thread, that's a different problem. When you do also share the exact version of Web Dispatcher you are using (including patch level) and maybe describe your landscape and what exactly you are trying to achieve.

Answers (1)

Answers (1)

former_member44100
Employee
Employee
‎07-16-2022 5:45 AM
0 Kudos

1. backup current PSE file

<hostname>:/usr/sap/<SID>/W00/sec # cp SAPSSLS.pse SAPSSLS.pse.bak

2. upload new PSE file (2148457 - How to convert the keypair of a PKCS#12 / PFX container into a PSE file)

3. restart Web dispatcher

Show replies
Show replies
Ask a Question