on 08-14-2007 1:16 AM
We are configuring the scenario of end-to-end SSL on the web dispatcher
to a central instance NW2004S system (XI). We have followed the
installation guides for the web dispatcher and the procedures for
enabling SSL on the ABAP and JAVA stacks. The document "Configuring
SSL on the Web Dispatcher" states that you need to request a
certificate for the JAVA stack in the name of the web dispatcher so you
do not get the "invalid certificate or does not match the name of the
site". This piece works fine.
Configuring the ABAP stack is different. If we configure the ABAP
stack in the conventional way (CN=hostname, OU=x, O=x, U=US), then we
have no problems hitting the servers directly to test SSL, but when we
try to do a redirect to the Web AS ABAP stack functionality (like
Webgui), I get the above certificate error. Basically, anything with
the url ending in /sap/bc, /sap, etc, routed to the ABAP stack.
If we try to use the methodology specified for the JAVA stack, and
request a certificate in the name of the web dispatcher, I get the
following error:
[Thr 4] Mon Aug 13 21:24:14 2007
[Thr 4] MatchTargetName("FQDN-Central Instance", "CN=FQDN-Web
Dispatcher Server, OU=XXX, O=XXX, C=US") FAILS
[Thr 4] SSL socket: local=0.0.0.0:0 peer=0.0.0.0:0
[Thr 4] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x100c16940)
==SSSLERR_SERVER_CERT_MISMATCH
[Thr 4] *** ERROR => MsHttpLBThread: SapSSLSessionStart (rc=-30)
SSSLERR_SERVER_CERT_MISMATCH [msxxhttp_mt. 7265]
I see this in the ASCS dev_ms trace file for the ABAP stack. The SCS
dev_ms file is fine.
If I change the requested host back to the name of the CI and get
another certificate in the CI's name, there are no errors but I get the
pop up warning about the certificates. I can't use the web dispatcher
for what I want (XI load balancing).
I have searched SAP Notes and SDN and have not come up with any leads.
You have to use a "*.domain.com" request for a certificate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.