Show TOC

Configuring Secure Communication on the Web ServerLocate this document in the navigation structure

Use

After you have imported the certificate for the Web server, configure the settings for secure communication.

  • Configuring the TREXWebServer.ini INI File

    In order to prepare the TREX Web server for secure communication using HTTPS with the TREX Java client, change the communication protocol from HTTP to HTTPS in the configuration file TREXWebServer.ini, and specify the name of a key store ( SAPSSLS.pse).

    Note

    You created the SAPSSLS.pse keystore using the cryptography tool SAPGENPSE when you configured secure communication between the TREX preprocessor and the Web server of the application using TREX (see TREX Preprocessor and Web Server of the Application (HTTPS)).

  • Configuring HTTPS Communication

    You then define the protocol to be used for communication with the Web server. We recommend that you choose HTTPS communication, since it is the only way of ensuring secure communication and authentication of the communication partner.

  • Defining the SSL Port

    In the final step, you specify the SSL port to be used for the HTTPS communication.

Prerequisites

You have imported the certificate for the Web server to the Web server. You have opened the Internet Services Manager and are displaying the properties of the Web site SAP_TREX_<trex_instance_number>.

Configuring the TREXWebServer.ini File

  1. Using a text editor, open the <TREX_Directory>\TREXWebServer.ini configuration file on the host on which the TREX Web server is installed.

    In the [HTTPServer] section, change the URL_IIS parameter (Windows) or URL_Apache (UNIX) from http to https: URL_IIS=

    https ://<hostname>:<httpServerPort>/TREXHttpServer/TrexIsapiExt.dll

    In the same section, for the certfile parameter, enter the value SAPSSLS.pse for the keystore used.

    Example

    [HTTPSERVER]

    URL_IIS = https://P54896.wdf.sap-ag.de : 34844 /TREXHttpServer/TREXISAPIExt.dll

    certfile = <homedirectory>/sec/ SAPSSLS.pse

    This port number is valid for a TREX installation with the instance number 48.

  2. Save the TREXWebServer.ini file and close the text editor.

Procedure

Configuring HTTPS Communication

  1. Choose the Directory Security tab, and then choose the Edit pushbutton from the Secure communications area.

  2. Select the Require secure channel field.

  3. Select the Require client certificates field.

  4. Choose OK.

Defining the SSL Port

  1. Choose the Web Site tab.

  2. Specify the SSL port.

    Caution

    HTTP and HTTPS cannot run on Microsoft IIS on the same port. Therefore, you are not allowed to use the same number for both the TCP port and the SSL port.

  3. Choose OK.

  4. You have to restart TREX and the IIS (Internet Information Server) in order for the changes to the TREXWebServer.ini configuration file to be accepted by TREX.

Result

The SAP_TREX_<trex_instance_number> Web site is fully configured. You now need to provide the root certificate of the CA to the Web server.