Configuring SSL When the SAP Web Dispatcher is the Intermediary Server 

Use

For this scenario, you can configure the SAP Web Dispatcher to either pass the SSL connection to the AS Java (tunneling), or it can terminate the connection and establish a new one.

Prerequisites

●      The SAP Web Dispatcher and corresponding message server are configured to access the AS Java.

●      SSL is configured on the AS Java and you know the SSL port.

Procedure

Configuring the SAP Web Dispatcher to Tunnel the SSL Connection (End-to-End SSL)

The SAP Web Dispatcher can tunnel the SSL connection to the back-end server. This provides for an end-to-end SSL connection.

To configure the SAP Web Dispatcher to pass the SSL connection to the AS Java, set the following parameter in the SAP Web Dispatcher’s profile:

icm/server_port_<xx> = PROT=ROUTER, PORT=<port>, TIMEOUT=<timeout_in_seconds

where <port> is the SSL port on the AS Java.

If you are using client certificates for user authentication, then see Configuring the Use of Client Certificates via an Intermediary Server.

Configuring the SAP Web Dispatcher to Terminate the SSL Connection

For this configuration, see Configuring the SAP Web Dispatcher to Terminate the SSL Connection.

When using this configuration, you cannot use client certificates for user authentication. If you want to use client certificates for user authentication, then the SAP Web Dispatcher must tunnel the SSL connection.