Configuring SAP Web Dispatcher to Support SSLLocate this document in the navigation structure

Use

The steps to perform to configure SSL on SAP Web Dispatcher depend on the case you want to configure. See the following figure:

Figure 1: SAP Web Dispatcher Connections Using SSL

These connection types have the following characteristics:

  • The first connection type shown above does not use SSL at all. Therefore, you only need to set the port to HTTP. No extra configuration is needed.

  • For the second connection type, the request is terminated at SAP Web Dispatcher. The incoming connection uses HTTP and the outgoing connection uses HTTPS. Therefore, you must configure SAP Web Dispatcher as an SSL client.

  • For the third connection type, the request is terminated at SAP Web Dispatcher. The incoming connection uses HTTPS and the outgoing connection uses HTTP. Therefore, you must configure SAP Web Dispatcher as an SSL server.

  • For the fourth connection type, the request is terminated at SAP Web Dispatcher. Both the incoming connection and the outgoing connection use HTTPS. Therefore, you must configure SAP Web Dispatcher as an SSL server and an SSL client.

  • For the fifth connection type, the request is passed directly to the back-end server and not terminated at SAP Web Dispatcher. SSL is used for the entire communication path (end-to-end SSL).

Prerequisites

  • You are familiar with the architecture and functions of SAP Web Dispatcher. In particular, you are familiar with the possible connections and how SSL is used with them. See the figure above.

  • The back-end server is configured to use SSL.

    If the back-end server is the message server (used to exchange metadata for the back-end application server(s), see "Metadata Exchange Using SSL". See the procedures below.

Procedure

The configuration steps depend on the connection type you are using. See the sections below.

Configuring the SAP Web Dispatcher for End-to-End SSL

If SAP Web Dispatcher is to pass the SSL connection to the server in the back end, set the following profile parameter in SAP Web Dispatcher's profile:

icm/server_port_ <xx> = PROT=ROUTER, PORT= <port>, TIMEOUT= <timeout_in_seconds>

In this case, you do not need to set up any PSEs or establish trust between the components.

Configuring the SAP Web Dispatcher for SSL When the Connection is Terminated and SSL is Used

If the connection is terminated at SAP Web Dispatcher and either incoming or outgoing connections are to use SSL, then perform the following steps accordingly.

  1. Create the SAP Web Dispatcher's PSE(s) and certificate request(s).

    Create an SSL server PSE if the incoming connections use SSL. Create an SSL client PSE if the outgoing connections use SSL. Create both if both connections use SSL.

  2. Perform the following steps for each of the PSEs you created in the previous step.

    1. Send the certificate request(s) to a CA to be signed.

    2. Import the certificate request response(s) into the PSE.

    3. Create credentials for the SAP Web Dispatcher.

  3. For outgoing connections that use SSL, import the CA root certificate for the CA that issued the back-end application server its SSL server certificate into SAP Web Dispatcher's SSL client PSE.

  4. Set the profile parameters according to the case you are using (see the figure above).

  5. Restart SAP Web Dispatcher.

  6. Test the connection.

Related Information
Architecture and Functions of the SAP Web Dispatcher
Parameterization of the SAP Web Dispatcher