The profile parameter settings depend on the case you are setting up and whether the SAP Web Dispatcher is the SSL client for the connection request or the SSL server, or both.
The SSL-relevant profile parameters are divided into the following categories:
File locations
Information to use for incoming connections that use SSL
Information to use for outgoing connections that use SSL
Information specific for the metadata exchange with the message server when using SSL
See the tables below.
Parameter |
Description |
Value |
---|---|---|
DIR_INSTANCE |
Location of the sec directory that contains the SAP Cryptographic Library. |
<Location_of_SAP_Cryptographic_Library> Example: C:\Program Files\SAP\SAPWebDisp |
ssl/ssl_lib |
Location of the SAP Cryptographic Library |
<Location_of_SAP_Cryptographic_Library> Example: C:\Program Files\SAP\SAPWebDisp\sec |
Parameter |
Description |
Value |
---|---|---|
ssl/server_pse |
Path and file name of the SSL server PSE used by the SAP Web Dispatcher. |
<Path_and_File_Name_of_SSL_server_PSE> Example: C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLS.pse |
icm/server_port_<xx> |
Port to use for incoming HTTPS requests. |
PROT=HTTPS, PORT=<HTTPS_Port>, TIMEOUT=<timeout_value> |
icm/HTTPS/verify_client |
Set if users are to use X.509 client certificates for authentication. This parameter determines how the SAP Web Dispatcher handles inbound HTTP(S) requests. The following values are possible:
See the parameters for outgoing connections to specify how the request is handled further. |
<0,1,2> |
wdisp/add_client_protocol_header |
Specify whether the header variable clientprotocol should be used if there is a change in protocol at the SAP Web Dispatcher (HTTPS to HTTP or vice versa). If this parameter is set to true, then the SAP Web Dispatcher sets clientprotocol to the protocol used between the client and the SAP Web Dispatcher (either HTTP or HTTPS). The application server then uses this value as the protocol to use for generated absolute URIs. |
<true,false> |
Parameter |
Description |
Value |
---|---|---|
ssl/client_pse |
Path and file name of the SSL client PSE used by the SAP Web Dispatcher. |
<Path_and_File_Name_of_SSL_client_PSE> Example: C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLC.pse |
wdisp/ssl_encrypt |
This parameter determines how the SAP Web Dispatcher forwards HTTP(S) requests. The following values are permitted:
|
<0,1,2> |
wdisp/ssl_auth |
This parameter specifies the X.509 client certificate to use to authenticate the SAP Web Dispatcher on the back-end application servers. The following values are permitted:
|
<0,1,2> |
wdisp/ssl_cred |
File name of the SSL client PSE to use. This parameter is only necessary if wdisp/ssl_auth = 2. |
<File_Name_of_SSL_Client_PSE> |
wdisp/ssl_certhost |
Use this parameter if multiple back-end servers use the same host name in their SSL server certificates (for example, www.mycompany.com). |
<Common_Host_Name> |
wdisp/add_client_protocol_header |
Specify whether the header variable should be used. See the description for wdisp/add_client_protocol_header in the table above. |
<true,false> |
Parameter |
Description |
Value |
---|---|---|
rdisp/mshost |
Message server host |
<Message_Server_Host> |
ms/https_port |
HTTPS port on the message server Use ms/http_port if the connection does not use SSL. |
<Message_Server_HTTPS_Port> |
See also:
For more information about the individual parameters, see Parameterization of the SAP Web Dispatcher and SSL Parameters.
For an example, see Sample Profile for the SAP Web Dispatcher When Using SSL.