You use this parameter to configure the SSL certificates.
This configuration includes a credential , the SSL server cache size, the die retention period of the cache objects, the SSL client verification, and the permitted SSL Cipher Suites.
You can use this SSL configuration when defining services in the ICM and Web dispatcher in parameter icm/server_port_<xx>.
The parameter is only relevant for SSL configurations for ICM or Web dispatcher (communication using HTTPS).
SSL is particularly significant for the Web dispatcher since it resides in the DMZ and is used as the entry point for queries from the Internet.
Work area |
Internet Communication Manager, SAP Web Dispatcher |
Unit |
Character string |
Default value |
Not set |
Dynamically changeable |
No |
Value Range and Syntax
The character string has the following syntax:
CRED=<credential> [, CACHESIZE=<cache size>, LIFETIME=<max. lifetime>, VCLIENT=<SSL client verification>, CIPHERS=<Cipher Suites>]
The credential must be specified; the other values are optional.
The options are described below.
Option |
Description |
---|---|
CRED |
Credential to be used (fully qualified file name) |
CACHESIZE |
Maximum number of entries that may be in the cache |
LIFETIME |
Maximum lifetime of an entry in seconds |
VCLIENT |
SSL client verification; possible values 0, 1, 2 (analogous to the option VCLIENT of parameter icm/server_port_<xx>) |
CIPHERS |
List of supported Cipher Suites For more information about this option and the syntax, see SAP Note 510007 . |
The parameter only takes effect if the option SSLCONFIG is set for parameter icm/server_port_<xx>.
As for all generic <xx> parameters, the parameter must be specified starting with 0 and increasing.
More information: Generic Profile Parameters with Ending _<xx>
Example
Parameter icm/ssl_config_0 can have the following values.
CRED=SAPSSLSsapext.pse, VCLIENT=1
CRED=SAPSSLSsapint.pse, VCLIENT=2, CACHESIZE=20000, LIFETIME=1800