Show TOC

Transport Layer Security When Using the SAP Web DispatcherLocate this document in the navigation structure

Use

The SAP Web Dispatcher is an intermediary server that controls the communication between a client and the back-end server (either AS ABAP or AS Java). You can use it to control incoming connections, for example, to accept or reject requests based on URLs, or as a load balancer to select the back-end application server.

The SAP Web Dispatcher also supports the use of SSL to secure both incoming and outgoing connections. Depending on how you want to use the SAP Web Dispatcher, you can configure SSL accordingly. The figure below shows the various possibilities.

Figure 1: Using SSL With the SAP Web Dispatcher

These options have the following characteristics:

  • The first option does not use SSL. HTTP is used for both the incoming connection from the client to the SAP Web Dispatcher and the outgoing connection to the back-end application server.

  • The second option uses HTTP for the incoming connection, but HTTPS for the outgoing connection to the back-end application server.

  • The third option uses HTTPS for the incoming connection and HTTP for the outgoing connection to the back-end application server.

  • The fourth option uses HTTPS for both the incoming and the outgoing connections. The request is terminated at the SAP Web Dispatcher and re-encrypted for the request to the back-end application server.

  • The fifth option uses HTTPS for the complete path between the client and the back-end application server. It is not terminated at the SAP Web Dispatcher. This is referred to as end-to-end SSL.

Note

There are some restrictions and considerations to take into account when using end-to-end SSL. For example, end-to-end SSL prevents the SAP Web Dispatcher from being able to control incoming requests based on content such as URL filtering. Therefore, if you are using the SAP Web Dispatcher for such purposes, you cannot use end-to-end SSL. For more information, see End-to-End SSL

For SSL where the connection is terminated or re-encrypted, the configuration steps consist of:

  1. Installing and configuring the SAP Cryptographic Library on the server where the SAP Web Dispatcher is running.

  2. Setting up the key pairs to use for SSL encryption.

  3. Establishing trust with the SAP Web Dispatcher's communication partners where SSL is used.

For end-to-end SSL, the configuration consists of setting a profile parameter.

For more information, see Configuring the SAP Web Dispatcher to Support SSL.