The profile parameter settings depend on the case you are setting up and whether the SAP Web Dispatcher is the SSL client for the connection request or the SSL server, or both.
The SSL-relevant profile parameters are divided into the following categories:
File locations
Information to use for incoming connections that use SSL
Information to use for outgoing connections that use SSL
Information specific for the metadata exchange with the message server when using SSL
See the tables below.
Parameter |
Description |
Value |
---|---|---|
DIR_INSTANCE |
Location of the sec directory that contains the SAP Cryptographic Library. |
<Location_of_ SAP_ Cryptographic_ Library> Example: C:\Program Files\ SAP\ SAPWebDisp |
ssl/ssl_lib |
Location of the SAP Cryptographic Library |
<Location_of_ SAP_ Cryptographic_ Library> Example: C:\Program Files\ SAP\ SAPWebDisp\ sec |
Parameter |
Description |
Value |
---|---|---|
ssl/server_pse |
Path and file name of the SSL server PSE used by the SAP Web Dispatcher. |
<Path_ and_ File_ Name_ of_ SSL_ server_ PSE> Example: C:\Program Files\ SAP\ SAPWebDisp\ sec\ SAPSSLS.pse |
icm/server_port_<xx> |
Port to use for incoming HTTPS requests. |
PROT=HTTPS, PORT=<HTTPS_Port>, TIMEOUT=<timeout_value> |
icm/HTTPS/ verify_client |
Set if users are to use X.509 client certificates for authentication. This parameter determines how the SAP Web Dispatcher handles inbound HTTP(S) requests. The following values are possible:
See the parameters for outgoing connections to specify how the request is handled further. |
<0,1,2> |
wdisp/add_ client_ protocol_ header |
Specify whether the header variable clientprotocol should be used if there is a change in protocol at the SAP Web Dispatcher (HTTPS to HTTP or vice versa). If this parameter is set to true, then the SAP Web Dispatcher sets clientprotocol to the protocol used between the client and the SAP Web Dispatcher (either HTTP or HTTPS). The application server then uses this value as the protocol to use for generated absolute URIs. |
<true,false> |
Parameter |
Description |
Value |
---|---|---|
ssl/client_pse |
Path and file name of the SSL client PSE used by the SAP Web Dispatcher. |
<Path_ and_ File_ Name_ of_ SSL_ client_ PSE> Example: C:\Program Files\ SAP\ SAPWebDisp\ sec\ SAPSSLC.pse |
wdisp/ssl_encrypt |
This parameter determines how the SAP Web Dispatcher forwards HTTP(S) requests. The following values are permitted:
|
<0,1,2> |
wdisp/ssl_auth |
This parameter specifies the X.509 client certificate to use to authenticate the SAP Web Dispatcher on the back-end application servers. The following values are permitted:
|
<0,1,2> |
wdisp/ssl_cred |
File name of the SSL client PSE to use. This parameter is only necessary if wdisp/ssl_auth= 2. |
<File_ Name_ of_ SSL_ Client_ PSE> |
wdisp/ssl_certhost |
Use this parameter if multiple back-end servers use the same host name in their SSL server certificates (for example, www.mycompany.com). |
<Common_Host_Name> |
wdisp/add_ client_ protocol_ header |
Specify whether the header variable should be used. See the description for wdisp/ add_ client_ protocol_ header in the table above. |
<true,false> |
Parameter |
Description |
Value |
---|---|---|
rdisp/mshost |
Message server host |
<Message_ Server_ Host> |
ms/https_port |
HTTPS port on the message server Use ms/http_port if the connection does not use SSL. |
<Message_ Server_ HTTPS_ Port> |
See also:
For more information about the individual parameters, see Parameterization of the SAP Web Dispatcher and SSL Parameters.
For an example, see Sample Profile for the SAP Web Dispatcher When Using SSL.