Show TOC

Background documentationSSL Parameters for ICM and Web Dispatcher Locate this document in the navigation structure

 

Profile parameters are used to configure SSL configuration for the ICM and Web Dispatcher. For SSL communication between the ICM and AS Java the relevant properties must also be set in the AS Java.

Parameter icm/ssl_config_<xx> controls SSL configuration overall.

The parameters below specify the header field names that are used for SSL (certificate forwarding). The Web Dispatcher sets the fields and the ICM on the application server uses them.

Caution Caution

The parameters are set the same in the ICM and in the Web Dispatcher. You should not change the default values unless absolutely necessary.

End of the caution.

Parameter

Meaning

Default

icm/HTTPS/client_certificate_chain_header_prefix

Prefix for the CA certificate chains: The chain is structured from 1 to n, where n+1 is the last CA root certificate in the chain that is not sent to the server.

The server finds the chained certificates in the variables SSL_CLIENT_CERT_CHAIN_1, SSL_CLIENT_CERT_CHAIN_2, and so on.

The CA root certificate, which is the last certificate in the chain, is not sent to the server in a header field. It must exist as a trusted CA in the SSL provider service.

SSL_CLIENT_CERT_CHAIN_

icm/HTTPS/client_certificate_header_name

Header field that contains the user's certificate.

SSL_CLIENT_CERT

icm/HTTPS/client_cipher_suite_header_name

Header field that contains the cipher suite used.

SSL_CIPHER_SUITE

icm/HTTPS/client_key_size_header_name

Header field that contains the key size.

SSL_CIPHER_USEKEYSIZE

icm/HTTPS/trust_client_with_subject

icm/HTTPS/trust_client_with_issuer

For X.509-based logon to NW AS using the SAP Web Dispatcher you need these parameters to create a trusted relationship between the Web Dispatcher and ICM, or between two Web Dispatchers activated one after the other.

More information: X.509-Based Logon to NW AS from SAP Web Dispatcher

More Information

AS Java

In AS Java there are relevant properties for these parameters.

More information:

Using Client Certificates via an Intermediary Server

HTTP Provider Service

Web Dispatcher

For the Web Dispatcher there are additional parameters to control SSL communication.

More information:

SAP Web Dispatcher and SSL

SSL Parameters for the Web Dispatcher