cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disabling HTTP

Go to solution
Former Member

on ‎02-14-2008 3:27 PM

0 Kudos

We'd like to know how to disable HTTP functionality in NetWeaver CE 7.1 SP3 and use strictly HTTPS. There is another thread on this forum with a similar subject, but its answer is similar to the Administrator's Guide--it refers one to icm/server_port_0 in c:\usr\SAP\CEx\SYS\profile\CEx_Jxx_<hostname>, but there are no icm/server_port statements in that file, except for the icm/server_port04 statement we added to turn on HTTPS. So, where is this specified?

Also, is it possible to have behavior similar to Websphere such that if you enter your application URL using http it's automatically rerouted to the same URL with https?

Thanks,

William

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-15-2008 11:32 AM
0 Kudos

Going into the NWA --> Operation Management -> Systems -> Start & Stop -> Java EE Services -> Destinations just shows the destination started; no options to change, configure, etc.. Was this the destinations you were referring to?

We have HTTPS working fine; but want to prevent the use of HTTP for security reasons. I don't think where the users are stored matter because you access the application login page before those come into play. But, in our case we're storing users in the internal MaxDB UME.

Thanks,

William

Show replies
Show replies
oliver_luik
Explorer
‎02-15-2008 3:10 PM
0 Kudos

Hi William,

the default port configuration that is delivered is described on the help portal: [http://help.sap.com/saphelp_nwce10/helpdata/en/44/f71aede38e2462e10000000a1553f7/frameset.htm]

The default configuration entries are not specified in the profile, but are defined internally. The default configuration in the profile would look as follows:

icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600

icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04

icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07

icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08

If you want to change the port configuration, you should add these 4 lines to the profile and do the modifications there.

e.g.

icm/server_port_0 = PROT=HTTPS, PORT=1443, TIMEOUT=600

icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04

icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07

icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08

Please keep in mind that the numbers of icm/server_port_ parameter have to be unique and that no gaps are allowed in the numbering!

Regards,

Oliver

PS: The HTTPS port is per default not configured. So if you haved managed to set up an HTTPS port you must have changed the configuration already. I am wondering how?

Answers (3)

Answers (3)

Former Member
‎02-15-2008 4:20 PM
0 Kudos

Hi Oliver, Thanks for the update. That solved the problem. I didn't realize that I was meant to add those entries to the profile file. So, by adding the default settings I can change port 1 from HTTPS to HTTP. I had already added port 4 for HTTPS, but since I hadn't seen the other 4 documented entries I was confused, assuming they must have lived elsewhere. I'm still wondering about the web.xml <transport-guarantee> setting, but I'll leave that for another day.

All the best,

William

Show replies
Show replies
Former Member
‎02-15-2008 11:08 AM
0 Kudos

Hi Vamshi,

Thanks for the response, but in this case we don't have any connection with ABAP or any other externals--this is just straight J2EE.

So, we'd like to know if it's possible to eliminate the exposure of using HTTP and force everyone to use HTTPS. Certainly if I launch the application from the Java Alias list on the sapmmc it uses HTTPS, but there's nothing stopping anyone from typing in the application URL using http://. We have <transport-guarantee>CONFIDENTIAL</transport-guarantee> specified in web.xml and when you do this on WebSphere for instance any use of http:// is forced to https:// automatically.

So, is this possible on NetWeaver CE 7.1? As I say the product documentation alludes to this, but it doesn't correspond to the reality of what I see in our profile ICM file (e.g. see http://help.sap.com/saphelp_nwce10/helpdata/en/44/f71aede38e2462e10000000a1553f7/frameset.htm), so where is this actually defined in NWCE 7.1 and how do we setup this functionality? Or is this a bug in NWCE, not honoring <transport-guarantee>?

Thanks,

William

Show replies
Show replies
Former Member
‎02-15-2008 11:18 AM
0 Kudos

Hi William,

I am not very sure but you can check in visual admin > services>destinations and can check in destination of your java sytem

i think it asks you which sort of authentication you need

i suppose you have used basic authentication.You can use https(secure connnection) and try.

Also tell me where do you store the java users? Like UME is configured as abap or java or ldap?.

Regards,

Vamshi.

Former Member
‎02-15-2008 5:07 AM
0 Kudos

Hi William,

You can check the rfc which connects your java stack to abap stack and there you use ssl in logon and security tab option and give the destination with https://<address>.

Also configure accordingly in visual admin.

Regards,

Vamshi.

Show replies
Show replies
Ask a Question