SSL configuration requirement
Assume that I have web-dispatcher (ABC server) and ECC system (XYZ server) or JAVA systems(PQR) with multiple application servers.
I want to enable end users to use Webdynpro ABAP application or SAP GUI for HTML or simply JAVA servers access (like EP for JAVA applications). Here load balancing (by the virtue of reverse Proxy) is done using web-dispatcher.
I am considering SSL configuration for secured communication.
Do I need to apply SSL certificate on Web-dispatcher only; or on each backend server; or on both(web dispatcher and backend) ?
Is it possible that I only apply SSL on web-dispatcher and end users access ABC server and requests gets routed to backend (XYZ or PQR) server and still my security requirement is fulfilled?
I have seen that organization apply SSL on reverse proxy server (apache or web-dispatcher) and on backend systems also.
Is it required to meet security need ?
Tom Xing replied
Afaik it is possible to hide the http traffic behind one single entry point (WDP).
But I'm afraid it requires not only URL rewriting from WDP.
Think about the situation where EP might return a URL of ABAP or EP itself with intranet URL.
On Java side, you need to set proxy mappings
If you have PI Java, there'll be additional settings for PI apps.
I'm not very familiar with ABAP side. Perhaps you need to look into HTTPURLLOC.
In this scenario, HTTPS is only between browser and WDP. Hence you should not need other SSL certificates.