Entering content frame

Background documentation SAP Web Dispatcher and SSL Locate the document in its SAP Library structure

The SAP Web dispatcher supports SSL in two manners:

     End-to-End-SSL. The SAP Web dispatcher forwards the HTTPS request without decrypting it to an (HTTPS-enabled) SAP Web AS.

SSL termination. The SAP Web dispatcher decrypts the HTTPS request and then selects the server. (Server Selection.) You can define whether the request should be SSL-encrypted again before forwarding it.

The following scenarios are possible:

SSL Scenarios

The Web Dispatcher Receives:

…… And Forwards:

Configuration (see graphic below.)

HTTP

HTTP

icm/server_port_<xx>= ... PROT=HTTP ...

HTTP

HTTPS

icm/server_port_<xx>= ... PROT=HTTP ...

wdisp/ssl_encrypt=2

HTTPS

HTTP

icm/server_port_<xx>= ... PROT=HTTPS ...

wdisp/ssl_encrypt=0

HTTPS

HTTPS

icm/server_port_<xx>= ... PROT=HTTPS ...

wdisp/ssl_encrypt=1

HTTPS

HTTPS without unpacking End-to-End SSL

icm/server_port_<xx>= ... PROT=ROUTER ...

The following graphic shows the various configurations.

This graphic is explained in the accompanying text

The option PROT in parameter icm/server_port_<xx> specifies whether SSL is terminated in the SAP Web dispatcher:

     HTTP: The SAP Web dispatcher receives HTTP requests at the port (1 and 2 in the graphic).

     HTTPS: The SAP Web dispatcher receives HTTPS requests at the port. It decrypts the request, before it forwards it to an application server (3 and 4 on the graphic)

     ROUTER: The SAP Web dispatcher receives an HTTPS and forwards the request without unpacking it. (5): End-to-End SSL.

The wdisp/ssl_encrypt determines whether the SAP Web dispatcher encrypts the request again with SSL before forwarding it. (See graphic and SSL Parameters).

If you want your SAP Web dispatcher to unpack SSL or encrypt HTTP requests with SSL (2,3 and 4 in the graphic), you have to install the relevant SSL libraries and follow the configuration procedure. This is described in Configuring SAP Web Dispatcher for Supporting SSL.

You can find a How-to Guide on the SAP Service Marketplace under address http://service.sap.com/nw-howtoguides under SAP Web Application Server.

Metadata Exchange Using SSL

The Web Dispatcher receives details of the active application servers and logon groups from the message server and the application servers.

You can also use HTTPS for this communication. Section Metadata Exchange Using SSL explains how to do this.

 

 

 

 

 

 

Leaving content frame