Show TOC

Setting the SSL Relevant Profile Parameters for the SAP Web DispatcherLocate this document in the navigation structure

Use

The profile parameter settings depend on the case you are setting up and whether the SAP Web Dispatcher is the SSL client for the connection request or the SSL server, or both.

Procedure

The SSL-relevant profile parameters are divided into the following categories:

  • File locations

  • Information to use for incoming connections that use SSL

  • Information to use for outgoing connections that use SSL

  • Information specific for the metadata exchange with the message server when using SSL

See the tables below.

Parameter

Description

Value

DIR_INSTANCE

Location of the sec directory that contains the SAP Cryptographic Library.

<Location_of_ SAP_ Cryptographic_ Library>

Example: C:\Program Files\ SAP\ SAPWebDisp

ssl/ssl_lib

Location of the SAP Cryptographic Library

<Location_of_ SAP_ Cryptographic_ Library>

Example: C:\Program Files\ SAP\ SAPWebDisp\ sec

Parameter

Description

Value

ssl/server_pse

Path and file name of the SSL server PSE used by the SAP Web Dispatcher.

<Path_ and_ File_ Name_ of_ SSL_ server_ PSE>

Example: C:\Program Files\ SAP\ SAPWebDisp\ sec\ SAPSSLS.pse

icm/server_port_<xx>

Port to use for incoming HTTPS requests.

PROT=HTTPS, PORT=<HTTPS_Port>, TIMEOUT=<timeout_value>

icm/HTTPS/ verify_client

Set if users are to use X.509 client certificates for authentication. This parameter determines how the SAP Web Dispatcher handles inbound HTTP(S) requests.

The following values are possible:

  • 0: Clients are not authenticated.

  • 1: Client certificates are accepted by the SAP Web Dispatcher.

  • 2: Client certificates are required by the SAP Web Dispatcher.

See the parameters for outgoing connections to specify how the request is handled further.

<0,1,2>

wdisp/add_ client_ protocol_ header

Specify whether the header variable clientprotocol should be used if there is a change in protocol at the SAP Web Dispatcher (HTTPS to HTTP or vice versa).

If this parameter is set to true, then the SAP Web Dispatcher sets clientprotocol to the protocol used between the client and the SAP Web Dispatcher (either HTTP or HTTPS). The application server then uses this value as the protocol to use for generated absolute URIs.

<true,false>

Parameter

Description

Value

ssl/client_pse

Path and file name of the SSL client PSE used by the SAP Web Dispatcher.

<Path_ and_ File_ Name_ of_ SSL_ client_ PSE>

Example: C:\Program Files\ SAP\ SAPWebDisp\ sec\ SAPSSLC.pse

wdisp/ssl_encrypt

This parameter determines how the SAP Web Dispatcher forwards HTTP(S) requests. The following values are permitted:

  • 0: Forward the request unencrypted.

  • 1: Encrypt the request again with SSL, in case the request arrived via HTTPS protocol.

  • 2: Always forward the request encrypted with SSL.

<0,1,2>

wdisp/ssl_auth

This parameter specifies the X.509 client certificate to use to authenticate the SAP Web Dispatcher on the back-end application servers. The following values are permitted:

  • 0: No certificate

  • 1: Default certificate (from SAPSSLC.pse)

  • 2: Certificate specified in the wdisp/ssl_cred parameter

<0,1,2>

wdisp/ssl_cred

File name of the SSL client PSE to use.

This parameter is only necessary if wdisp/ssl_auth= 2.

<File_ Name_ of_ SSL_ Client_ PSE>

wdisp/ssl_certhost

Use this parameter if multiple back-end servers use the same host name in their SSL server certificates (for example, www.mycompany.com).

<Common_Host_Name>

wdisp/add_ client_ protocol_ header

Specify whether the header variable should be used.

See the description for wdisp/ add_ client_ protocol_ header in the table above.

<true,false>

Parameter

Description

Value

rdisp/mshost

Message server host

<Message_ Server_ Host>

ms/https_port

HTTPS port on the message server

Use ms/http_port if the connection does not use SSL.

<Message_ Server_ HTTPS_ Port>

See also: