Start of Content Area

Procedure documentation Setting the SSL Profile Parameters for the SAP Web Dispatcher  Locate the document in its SAP Library structure

In addition to the standard parameters used by the SAP Web Dispatcher, set the following SSL-relevant parameters.

        Location of the SAP Cryptographic Library and Personal Security Environments to use:

        DIR_INSTANCE=<SECUDIR_Directory>

        ssl/ssl_lib=<Location_of_SAP_Cryptographic_Library>

        ssl/server_pse=<Location_of_SSL_server_PSE>

        ssl/client_pse=<Location_of_SSL_client_PSE>

        SAP Web Dispatcher SSL information to use for incoming connections:

        icm/server_port_<xx>=PROT=HTTPS, PORT=<HTTPS_Port>, TIMEOUT=900

        icm/HTTPS/verify_client=<0,1>

        Connection Parameters to the SAP Web AS Message Server in the backend:

        rdisp/mshost=<message_server_host>

        ms/https_port=<message_server_HTTPS_Port> if you want to use Metadata Exchange Using SSL. Otherwise, use ms/http_port=<message_server_HTTP_Port> if the connection should not use SSL.

        SSL information to use for the outgoing connection:

        wdisp/ssl_encrypt=<0,1,2>

        wdisp/ssl_auth=<0,1,2>

        wdisp/ssl_cred=<File_name_of_client_PSE>

This parameter is only necessary if wdisp/ssl_auth = 2.

        wdisp/ssl_certhost=<Common_host_name>

Use this parameter if multiple servers in the backend use the same host name in their SSL server certificates (for example, www.mycompany.com).

        wdisp/add_client_protocol_header=<true,false>

Set this parameter to true if there is a change in the protocol at the SAP Web Dispatcher (HTTPS to HTTP or vice versa). If this parameter is set to true, then the SAP Web Dispatcher sets the header variable clientprotocol to the protocol used between the client and the SAP Web Dispatcher (either HTTP or HTTPS). The application server then uses this value as the protocol to use for generated absolute URIs.

Note

If the SAP Web Dispatcher is to pass the SSL connection to the server in the backend ( End-to-End SSL), then set the parameter icm/server_port_<xx> to PROT=ROUTER, PORT=<port>, TIMEOUT=<timeout_in_seconds>. In this case, the rest of the parameters are not necessary.

See also:

        For more information about the individual parameters, see The SAP Web Dispatcher Profile Parameters.

        For an example, see Sample Profile for the SAP Web Dispatcher When Using SSL.

 

End of Content Area