SAP Web Dispatcher and SSL

The SAP Web Dispatcher supports SSL in the following manners:

• End-to-End-SSL. The SAP Web Dispatcher forwards the HTTPS request without decrypting it to an (HTTPS-enabled) SAP NetWeaver Application Server.

• SSL termination. The SAP Web Dispatcher decrypts the HTTPS request and then selects the server. You can define whether the request should be SSL-encrypted again before forwarding it.

The following scenarios are possible:

The following graphic shows the various configurations.

The option PROT in parameter icm/server_port_<xx> specifies whether SSL is terminated in the SAP Web Dispatcher:

• HTTP: The SAP Web Dispatcher receives HTTP requests at the port (1 and 2 in the graphic).

• HTTPS: The SAP Web Dispatcher receives HTTPS requests at the port. It decrypts the request, before it forwards it to an application server (3 and 4 on the graphic)

• ROUTER: The SAP Web Dispatcher receives an HTTPS and forwards the request without unpacking it. (5): End-to-End SSL

The wdisp/ssl_encrypt determines whether the SAP Web Dispatcher encrypts the request again with SSL before forwarding it.

How to configure the SAP Web Dispatcher to unpack SSL or encrypt HTTP requests with SSL (2,3 and 4 in the graphic), is explained in section "Configuring SSL Support of the SAP Web Dispatcher".

You can find a How-to Guide in the SAP Developer Network at address http://www.sdn.sap.com/irj/sdn/howtoguides under SAP Web Application Server.