11-02-2007 4:05 PM
Hi,
I've been trying to implement SSL on our Web Dispatcher. We are terminating the SSL connection at the Web Dispatcher. We can successfully login to the admin using regular HTTP, the issues happen when trying to use HTTPS
http://blah.ca:8888/sap/wdisp/admin works when you change PROT to HTTP
https://blah.ca:8888/sap/wdisp/admin does NOT work when you change PROT to HTTPS
We followed the steps outlined in http://help.sap.com/saphelp_nw70/helpdata/en/39/09a63d7af20450e10000000a114084/frameset.htm
Steps taken:
Installed the Cryptographic Library on the Web Dispatcher
Setup the profile parameters
Created the PSE and certificate request
Sent the certificate to be signed
Imported the certificate response
Created credentials
Restarted the Web Dispatcher
Tried to test HTTPS, failed.
Here is a list of our current profile parameters (for scenario SSL termination at Web Dispatcher)
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 7
add default directory settings
DIR_EXECUTABLE = E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\
DIR_INSTANCE = E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\
Accessibility of Message Servers
rdisp/mshost = blah.ca
ms/http_port = 8100
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=8888
icm/server_port_1 =
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\admin,AUTHFILE=E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\icmauth.txt
#----
#Added to enable SSL
#----
ssl/ssl_lib = E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\sapcrypto.dll
ssl/server_pse = E:\usr\sap\RD3\SYS\exe\nuc\NTAMD64\sec\SAPSSLS.pse
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
icm/HTTPS/verify_client = 0
Will award points for any help. Thanks!
11-02-2007 5:43 PM
Issue had to do with security on the /sec directory. The user running the Web Dispatcher must have rights in there.