SAP Web Dispatcher and SSL

The SAP Web Dispatcher supports SSL in the following manners:

• End-to-End-SSL. The SAP Web Dispatcher forwards the HTTPS request without decrypting it to an (HTTPS-enabled) SAP NetWeaver Application Server.

• SSL termination. The SAP Web Dispatcher decrypts the HTTPS request and then selects the server. ( Server Selection.) You can define whether the request should be SSL-encrypted again before forwarding it.

The following scenarios are possible:

The following graphic shows the various configurations.

The option PROT in parameter icm/server_port_<xx> specifies whether SSL is terminated in the SAP Web Dispatcher:

• HTTP: The SAP Web Dispatcher receives HTTP requests at the port (1 and 2 in the graphic).

• HTTPS: The SAP Web Dispatcher receives HTTPS requests at the port. It decrypts the request, before it forwards it to an application server (3 and 4 on the graphic)

• ROUTER: The SAP Web Dispatcher receives an HTTPS and forwards the request without unpacking it. (5): End-to-End SSL.

The wdisp/ssl_encrypt determines whether the SAP Web Dispatcher encrypts the request again with SSL before forwarding it. (See graphic and SSL Parameters for the Web Dispatcher).

If you want your SAP Web Dispatcher to unpack SSL or encrypt HTTP requests with SSL ( 2, 3 and 4 in the graphic), you have to install the relevant SSL libraries and follow the configuration procedure. This is described in Configuring SAP Web Dispatcher to Support SSL.

You can find a How-to Guide in the SAP Developer Network at address http://www.sdn.sap.com/irj/sdn/howtoguidesunder SAP Web Application Server.