Show TOC

SSL Parameters for ICM and Web DispatcherLocate this document in the navigation structure

Use

Profile parameters are used to configure SSL configuration for the ICM and Web Dispatcher. For SSL communication between the ICM and AS Java the relevant properties must also be set in the AS Java.

Parameter icm/ssl_config_<xx> controls SSL configuration overall.

The parameters below specify the header field names that are used for SSL ( certificate forwarding). The Web Dispatcher sets the fields and the ICM on the application server uses them.

Caution

The parameters are set the same in the ICM and in the Web Dispatcher. You should not change the default values unless absolutely necessary.

Parameter

Meaning

Default

icm/HTTPS/client_certificate_chain_header_prefix

Prefix for the CA certificate chains: The chain is structured from 1 to n, where n+1 is the last CA root certificate in the chain that is not sent to the server.

The server finds the chained certificates in the variables SSL_CLIENT_CERT_CHAIN_1, SSL_CLIENT_CERT_CHAIN_2, and so on.

The CA root certificate, which is the last certificate in the chain, is not sent to the server in a header field. It must exist as a trusted CA in the SSL provider service.

SSL_CLIENT_CERT_CHAIN_

icm/HTTPS/client_certificate_header_name

Header field that contains the user's certificate.

SSL_CLIENT_CERT

icm/HTTPS/client_cipher_suite_header_name

Header field that contains the cipher suite used.

SSL_CIPHER_SUITE

icm/HTTPS/client_key_size_header_name

Header field that contains the key size.

SSL_CIPHER_USEKEYSIZE

icm/HTTPS/trust_client_with_subject

icm/HTTPS/trust_client_with_issuer

For X.509-based logon to SAP NetWeaver Application Server using the SAP Web Dispatcher you need these parameters to create a trusted relationship between the Web Dispatcher and ICM, or between two Web Dispatchers activated one after the other.