Show TOC

Background documentationSSL Parameters for ICM and Web Dispatcher Locate this document in the navigation structure


Profile parameters are used to configure SSL configuration for the ICM and Web Dispatcher. For SSL communication between the ICM and AS Java the relevant properties must also be set in the AS Java.

Parameter icm/ssl_config_<xx> controls SSL configuration overall.

The parameters below specify the header field names that are used for SSL (certificate forwarding). The Web Dispatcher sets the fields and the ICM on the application server uses them.

Caution Caution

The parameters are set the same in the ICM and in the Web Dispatcher. You should not change the default values unless absolutely necessary.

End of the caution.





Prefix for the CA certificate chains: The chain is structured from 1 to n, where n+1 is the last CA root certificate in the chain that is not sent to the server.

The server finds the chained certificates in the variables SSL_CLIENT_CERT_CHAIN_1, SSL_CLIENT_CERT_CHAIN_2, and so on.

The CA root certificate, which is the last certificate in the chain, is not sent to the server in a header field. It must exist as a trusted CA in the SSL provider service.



Header field that contains the user's certificate.



Header field that contains the cipher suite used.



Header field that contains the key size.




For X.509-based logon to NW AS using the SAP Web Dispatcher you need these parameters to create a trusted relationship between the Web Dispatcher and ICM, or between two Web Dispatchers activated one after the other.

More information: X.509-Based Logon to NW AS from SAP Web Dispatcher

More Information

AS Java

In AS Java there are relevant properties for these parameters.

More information:

Using Client Certificates via an Intermediary Server

HTTP Provider Service

Web Dispatcher

For the Web Dispatcher there are additional parameters to control SSL communication.

More information:

SAP Web Dispatcher and SSL

SSL Parameters for the Web Dispatcher