Configuring SSL When the SAP Web Dispatcher is the Intermediary Server 

Use

For this scenario, you can configure the SAP Web Dispatcher to either pass the SSL connection to the SAP J2EE Engine (tunneling), or it can terminate the connection and establish a new one.

Prerequisites

·        The SAP Web Dispatcher and corresponding message server are configured to access the SAP J2EE Engine.

·        SSL is configured on the SAP J2EE Engine and you know the SSL port.

Procedure

Configuring the SAP Web Dispatcher to Tunnel the SSL Connection (End-to-End SSL)

The SAP Web Dispatcher can tunnel the SSL connection to the backend server. This provides for an end-to-end SSL connection.

To configure the SAP Web Dispatcher to pass the SSL connection to the SAP J2EE Engine, set the following parameter in the SAP Web Dispatcher’s profile:

icm/server_port_<xx> = PROT=ROUTER, PORT=<port>, TIMEOUT=<timeout_in_seconds

where <port> is the SSL port on the SAP J2EE Engine.

If you are using client certificates for user authentication, then see Configuring the Use of Client Certificates via an Intermediary Server.

Configuring the SAP Web Dispatcher to Terminate the SSL Connection

For this configuration, see Configuring the SAP Web Dispatcher to Terminate the SSL Connection.

When using this configuration, you cannot use client certificates for user authentication. If you want to use client certificates for user authentication, then the SAP Web Dispatcher must tunnel the SSL connection.

Additional Information

For more information, see SAP Web Dispatcher and SSL.