on 09-25-2016 2:43 AM
Hi All,
We have implemented Web Dispatcher and SSL (end-to-end SSL) config in the EP, ECC, BW and BWJ systems.
We are using a friendly URL in EP as SAPEP@xyz.com, ECC --> SAPECC@xyz.com, BWJ --> SAPBWJ@xyz.com and BW --> SAPBW@xyz.com.
So I generated the SSL cert for the Web Dispatcher with the friendly URL for each system, and in the backend we used the Web Dispatcher servername.domain to create SSL.
The issue is that when we maintain the friendly URL and access the backend system from SharePoint, we get a certificate error that says name mismatch, and if we click on the option to ignore and continue, it goes through.
If we maintain the Web Dispatcher servername.domain, this error doesn't come.
The flow is SharePoint --> EP/BWJ --> ECC/BWA
Please suggest how to resolve.
Regards,
Amit
Hello Amit,
Can you please elaborate with an example URL flow with the error in SharePoint and without the error in Web Dispatcher?
This will help to understand very clearly.
There are a couple of Web Dispatcher parameters which help to ignore the mismatch error, but before suggesting them we need to understand the issue very clearly.
SSL Parameters for the Web Dispatcher - SAP Web Dispatcher - SAP Library
Regards,
Anil Bhandary
Hi Anil,
Sharepoint URL --> Sharepoint@xyz.com
Web Dispatcher EP URL --> EPwebdisp@xyz.com
Friendly EP --> SAPEP@xyz.com
Web Dispatcher ECC --> ECCwebdisp@xyz.com
Friendly ECC URL --> SAPECC@xyz.com
Now, as per the STD doc for end-to-end SSL,
SSL certificate creation was done with the below URLs:
EP webdisp -->SAPEP@xyz.com
EP backend -->EPwebdisp@xyz.com
ECC webdisp -->SAPECC@xyz.com
ECC backend -->ECCwebdisp@xyz.com
HTTPS port value :
Webdispatcher in all system -->44380
In backend systems -->443<instancenumber>
Please find the flow diagram below
Error scenario:
So if I maintain the friendly URL value and the Web Dispatcher port number, I get the certificate error message
stating name mismatched, and I need to ignore and continue.
The error is due to the value used in generating the SSL certificate in the Web Dispatcher and backend, where the mismatch is happening.
No error:
And if I maintain the Web Dispatcher URL and backend port value directly, I don't get the error message.
In this case the load balancing will not happen, as I am maintaining direct app server details.
Thanks and Regards,
Amit
Dear Amit,
Thanks for the detail.
As you are using end-to-end SSL, the parameter wdisp/ssl_encrypt=1 would have been defined in all of your Web Dispatchers.
So, try to maintain the parameter wdisp/ssl_ignore_host_mismatch = TRUE in all of the Web Dispatchers, restart the Web Dispatchers and check if it solves your problem.
If not, then it would be best to generate the certificate with the Common Name as
*.xyz.com
(So it will not give certificate mismatch error)
Regards,
Anil Bhandary
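Added example, not part of the original thread: a small Python check of which requested host names a certificate's names cover, including the `*.xyz.com` wildcard suggested in the answer above. The host names `sapep.xyz.com` and `epwebdisp.xyz.com` and all function names are constructed stand-ins for the thread's friendly and Web Dispatcher URLs.

```python
# Added example: RFC 6125 style matching of a requested host name against
# the names in a server certificate. All host names are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate name (CN or SAN dNSName) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, never "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Hosts that would trigger a name-mismatch error for this certificate."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed stand-ins for the friendly URL and the Web Dispatcher host.
HOSTS = ["sapep.xyz.com", "epwebdisp.xyz.com"]

# Constructed certificate name sets, one per way of issuing the certificate.
CERTS = {
    "webdisp_only": ["epwebdisp.xyz.com"],
    "friendly_only": ["sapep.xyz.com"],
    "both_sans": ["sapep.xyz.com", "epwebdisp.xyz.com"],
    "wildcard": ["*.xyz.com"],
}


def report(certs=CERTS, hosts=HOSTS):
    return {label: uncovered(names, hosts) for label, names in certs.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:14} mismatch for: {missing or 'none'}")
    # Limits of the wildcard: one label deep only.
    print(uncovered(["*.xyz.com"], ["xyz.com", "ep.prod.xyz.com"]))
```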
Thanks Anil and Isaías for the inputs.
The issue seems to be resolved by maintaining the parameter wdisp/ssl_ignore_host_mismatch = TRUE.
Thanks and Regards,
Amit
Thanks for the recommendation Anil.
Yes, it's end-to-end SSL and the parameter wdisp/ssl_encrypt=1 is maintained. Sure, we will try with wdisp/ssl_ignore_host_mismatch = TRUE and let you know if the issue gets resolved.
Can you let me know if I need to set the parameter wdisp/ssl_certhost too?
Thanks and Regards,
Amit
Hello Amit,
"End-to-end SSL" would mean that you are using the protocol "ROUTER" at the Web Dispatcher.
Is this correct? If yes, be aware of item 7 of SAP note 1026191.
The parameter wdisp/ssl_ignore_host_mismatch is related to the Web Dispatcher connecting to the backends through HTTPS. It has nothing to do with the end user connecting to the Web Dispatcher.
Regards,
Isaías