Configuring the SAP Web Dispatcher to Support SSL

Use

The steps required to configure SSL on the SAP Web Dispatcher depend on the connection type you want to set up. See the figure below:

Figure 1: SAP Web Dispatcher Connections Using SSL

These connection types have the following characteristics:

  • The first connection type shown above does not use SSL at all. Therefore, you only need to set the port to HTTP. No extra configuration is needed.

  • For the second connection type, the request is terminated at the SAP Web Dispatcher. The incoming connection uses HTTP and the outgoing connection uses HTTPS. Therefore, you must configure the SAP Web Dispatcher as an SSL client.

  • For the third connection type, the request is terminated at the SAP Web Dispatcher. The incoming connection uses HTTPS and the outgoing connection uses HTTP. Therefore, you must configure the SAP Web Dispatcher as an SSL server.

  • For the fourth connection type, the request is terminated at the SAP Web Dispatcher. Both the incoming connection and the outgoing connection use HTTPS. Therefore, you must configure the SAP Web Dispatcher as an SSL server and an SSL client.

  • For the fifth connection type, the request is passed directly to the back-end server and not terminated at the SAP Web Dispatcher. SSL is used for the entire communication path (end-to-end SSL).

Prerequisites
  • You are familiar with the architecture and functions of the SAP Web Dispatcher. For more information, see Architecture and Functions of the SAP Web Dispatcher. In particular, you are familiar with the possible connections and how SSL is used with them. See the figure above.

  • You are familiar with the concepts that apply when using the SAP Cryptographic Library for SSL. This includes the storage of the keys to use in a Personal Security Environment (PSE) and exchanging public-key certificates with communication partners to establish trust. For more information, see Key Storage and Maintenance and Establishing Trust.

  • The back-end server is configured to use SSL. For more information, see:

    • For the AS ABAP, see Configuring the AS ABAP for Supporting SSL

    • For the AS Java, see Configuring the Use of SSL on the AS Java

    • If the back-end server is the message server (used to exchange metadata for the back-end application server(s)), see Metadata Exchange Using SSL. The procedures for installing the SAP Cryptographic Library on the message server and for setting up an SSL server PSE are the same as for the SAP Web Dispatcher. See the procedures below.

Procedure

The configuration steps depend on the connection type you are using. See the sections below.

Configuring the SAP Web Dispatcher for End-to-End SSL

If the SAP Web Dispatcher is to pass the SSL connection to the server in the back end, set the following profile parameter in the SAP Web Dispatcher's profile:

icm/server_port_<xx> = PROT=ROUTER, PORT=<port>, TIMEOUT=<timeout_in_seconds>

For more information about the SAP Web Dispatcher's profile, see Parameterization of the SAP Web Dispatcher.

In this case, you do not need to set up any PSEs or establish trust between the components.

Configuring the SAP Web Dispatcher for SSL When the Connection Is Terminated and SSL Is Used

If the connection is terminated at the SAP Web Dispatcher and either incoming or outgoing connections are to use SSL, then perform the following steps accordingly.

  1. Install the SAP Cryptographic Library on the SAP Web Dispatcher.

  2. Create the SAP Web Dispatcher's PSE(s) and certificate request(s).

    Create an SSL server PSE if the incoming connections use SSL. Create an SSL client PSE if the outgoing connections use SSL. Create both if both connections use SSL.

  3. Perform the following steps for each of the PSEs you created in the previous step.

    1. Send the certificate request(s) to a CA to be signed.

    2. Import the certificate request response(s) into the PSE.

    3. Create credentials for the SAP Web Dispatcher.

  4. For outgoing connections that use SSL, import the root certificate of the CA that issued the back-end application server's SSL server certificate into the SAP Web Dispatcher's SSL client PSE.

  5. Set the profile parameters according to the case you are using (see the figure above).

  6. Restart the SAP Web Dispatcher.

  7. Test the connection.
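
The following added example (not part of the original SAP documentation) reads a Web Dispatcher profile and reports, for each icm/server_port_<xx> entry, which of the five connection types above it produces and which PSEs step 2 therefore requires. The parameter wdisp/ssl_encrypt and its values 0, 1 and 2 do not appear on this page and are assumed here from the SAP Web Dispatcher parameter reference; the sample profile and its port numbers are constructed.

```python
import re

# Constructed sample profile (not from the page); port numbers are placeholders.
SAMPLE_PROFILE = """\
# port 0 passes TLS through untouched, ports 1 and 2 terminate the request
icm/server_port_0 = PROT=ROUTER, PORT=44300, TIMEOUT=60
icm/server_port_1 = PROT=HTTPS, PORT=44301
icm/server_port_2 = PROT=HTTP, PORT=8080
wdisp/ssl_encrypt = 1
"""

def parse_profile(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#"):
            params[name.strip()] = value.strip()
    return params

def classify_ports(text):
    """Map each icm/server_port_<xx> to (connection type 1-5, PSEs to create)."""
    params = parse_profile(text)
    # Assumption: wdisp/ssl_encrypt defaults to 0 (back-end leg never encrypted),
    # 1 re-encrypts only requests that arrived over HTTPS, 2 always encrypts.
    encrypt = int(params.get("wdisp/ssl_encrypt", "0"))
    result = {}
    for name, value in sorted(params.items()):
        if not re.fullmatch(r"icm/server_port_\d+", name):
            continue
        opts = dict(kv.strip().split("=", 1) for kv in value.split(",") if "=" in kv)
        prot = opts.get("PROT", "").upper()
        if prot == "ROUTER":  # end-to-end SSL: nothing is terminated, no PSE
            result[name] = (5, set())
            continue
        if prot not in ("HTTP", "HTTPS"):
            raise ValueError(f"{name}: unsupported PROT={prot!r}")
        ssl_in = prot == "HTTPS"
        ssl_out = encrypt == 2 or (encrypt == 1 and ssl_in)
        ctype = {(False, False): 1, (False, True): 2,
                 (True, False): 3, (True, True): 4}[(ssl_in, ssl_out)]
        pses = set()
        if ssl_in:
            pses.add("SSL server PSE")   # dispatcher acts as SSL server
        if ssl_out:
            pses.add("SSL client PSE")   # dispatcher acts as SSL client
        result[name] = (ctype, pses)
    return result

if __name__ == "__main__":
    for port, (ctype, pses) in classify_ports(SAMPLE_PROFILE).items():
        print(port, "-> connection type", ctype, "needs", sorted(pses) or "no PSE")
```

A port that the script reports as type 1 or type 3 forwards the request to the back end unencrypted, which is worth confirming against the intended design before step 6.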