Show TOC

Background documentationicm/ssl_config_<xx> Locate this document in the navigation structure

 

You use this parameter to configure the SSL certificates.

This configuration includes a credential , the SSL server cache size, the die retention period of the cache objects, the SSL client verification, and the permitted SSL Cipher Suites.

You can use this SSL configuration when defining services in the ICM and Web dispatcher in parameter icm/server_port_<xx>.

Prerequisites

The parameter is only relevant for SSL configurations for ICM or Web dispatcher (communication using HTTPS).

SSL is particularly significant for the Web dispatcher since it resides in the DMZ and is used as the entry point for queries from the Internet.

Structure

Work area

Internet Communication Manager, SAP Web Dispatcher

Unit

Character string

Standard value

not set

Dynamically changeable

No

Value Range and Syntax

The character string has the following syntax:

Syntax Syntax

  1. CRED=<credential> [, CACHESIZE=<cache size>, 
    LIFETIME=<max. lifetime>, VCLIENT=<SSL client verification>, 
    CIPHERS=<Cipher Suites>]
End of the code.

The credential must be specified; the other values are optional.

The options are described below.

Options for icm/ssl_config_<xx>

Option

Description

CRED

Credential to be used (fully qualified file name)

CACHESIZE

Maximum number of entries that may be in the cache

LIFETIME

Maximum lifetime of an entry in seconds

VCLIENT

SSL client verification; possible values 0, 1, 2 (analogous to the option VCLIENT of parameter icm/server_port_<xx>)

CIPHERS

List of supported Cipher Suites

For more information about this option and the syntax, see SAP Note 510007.

Caution Caution

The parameter only takes effect if the option SSLCONFIG is set for parameter icm/server_port_<xx>.

As for all generic <xx> parameters, the parameter must be specified starting with 0 and increasing.

More information: Generic Profile Parameters with Ending _<xx>

End of the caution.
Example

Parameter icm/ssl_config_0 can have the following values.

CRED=SAPSSLSsapext.pse, VCLIENT=1

CRED=SAPSSLSsapint.pse, VCLIENT=2, CACHESIZE=20000, LIFETIME=1800