Show TOC

Procedure documentationSetting the SSL Relevant Profile Parameters for the SAP Web Dispatcher

 

The profile parameter settings depend on the case you are setting up and whether the SAP Web Dispatcher is the SSL client for the connection request or the SSL server, or both.

Procedure

The SSL-relevant profile parameters are divided into the following categories:

  • File locations

  • Information to use for incoming connections that use SSL

  • Information to use for outgoing connections that use SSL

  • Information specific for the metadata exchange with the message server when using SSL

See the tables below.

File Locations

Parameter

Description

Value

DIR_INSTANCE

Location of the sec directory that contains the SAP Cryptographic Library.

<Location_of_SAP_Cryptographic_Library>

Example: C:\Program Files\SAP\SAPWebDisp

ssl/ssl_lib

Location of the SAP Cryptographic Library

<Location_of_SAP_Cryptographic_Library>

Example: C:\Program Files\SAP\SAPWebDisp\sec
Information to Use for Incoming Connections that Use SSL

Parameter

Description

Value

ssl/server_pse

Path and file name of the SSL server PSE used by the SAP Web Dispatcher.

<Path_and_File_Name_of_SSL_server_PSE>

Example: C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLS.pse

icm/server_port_<xx>

Port to use for incoming HTTPS requests.

PROT=HTTPS, PORT=<HTTPS_Port>, TIMEOUT=<timeout_value>

icm/HTTPS/verify_client

Set if users are to use X.509 client certificates for authentication. This parameter determines how the SAP Web Dispatcher handles inbound HTTP(S) requests.

The following values are possible:

  • 0: Clients are not authenticated.

  • 1: Client certificates are accepted by the SAP Web Dispatcher.

  • 2: Client certificates are required by the SAP Web Dispatcher.

See the parameters for outgoing connections to specify how the request is handled further.

<0,1,2>

wdisp/add_client_protocol_header

Specify whether the header variable clientprotocol should be used if there is a change in protocol at the SAP Web Dispatcher (HTTPS to HTTP or vice versa).

If this parameter is set to true, then the SAP Web Dispatcher sets clientprotocol to the protocol used between the client and the SAP Web Dispatcher (either HTTP or HTTPS). The application server then uses this value as the protocol to use for generated absolute URIs.

<true,false>
Information to Use for Outgoing Connections

Parameter

Description

Value

ssl/client_pse

Path and file name of the SSL client PSE used by the SAP Web Dispatcher.

<Path_and_File_Name_of_SSL_client_PSE>

Example: C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLC.pse

wdisp/ssl_encrypt

This parameter determines how the SAP Web Dispatcher forwards HTTP(S) requests. The following values are permitted:

  • 0: Forward the request unencrypted.

  • 1: Encrypt the request again with SSL, in case the request arrived via HTTPS protocol.

  • 2: Always forward the request encrypted with SSL.

<0,1,2>

wdisp/ssl_auth

This parameter specifies the X.509 client certificate to use to authenticate the SAP Web Dispatcher on the back-end application servers. The following values are permitted:

  • 0: No certificate

  • 1: Default certificate (from SAPSSLC.pse)

  • 2: Certificate specified in the wdisp/ssl_cred parameter

<0,1,2>

wdisp/ssl_cred

File name of the SSL client PSE to use.

This parameter is only necessary if wdisp/ssl_auth = 2.

<File_Name_of_SSL_Client_PSE>

wdisp/ssl_certhost

Use this parameter if multiple back-end servers use the same host name in their SSL server certificates (for example, www.mycompany.com).

<Common_Host_Name>

wdisp/add_client_protocol_header

Specify whether the header variable should be used.

See the description for wdisp/add_client_protocol_header in the table above.

<true,false>
Connection Parmeters to the Message Server for Metadata Exchange with SSL

Parameter

Description

Value

rdisp/mshost

Message server host

<Message_Server_Host>

ms/https_port

HTTPS port on the message server

Use ms/http_port if the connection does not use SSL.

<Message_Server_HTTPS_Port>

See also: