Вы находитесь на странице: 1из 15

Terminating SSL on SAP Web Dispatcher

Applies to:

Terminating SSL on SAP Web Dispatcher Applies to: Configuring Terminating SSL on SAP Web dispatcher 7.0Operations homepage . Summary This document clearly explains the step-by-step procedure for the configuring Terminating SSL on SAP Web dispatcher 7.0 and Higher. The procedure in the Document applies for configuration on Unix architecture. In this Document we are configuring the SSL certificate by requesting the test certificate from SAP CA Author: Anil Bhandary Company: Capgemini India Created on: 04 April 2010 Author Bio Anil Bhandary has about three years of experience in software of SAP NetWeaver Technical consultant in the area of ECC, SRM, EP, MDM, XI and solution Manager. Currently working for capgemini.com SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com © 2010 SAP AG 1 " id="pdf-obj-0-8" src="pdf-obj-0-8.jpg">

Configuring Terminating SSL on SAP Web dispatcher 7.0 and Higher. For more information, visit the Operations homepage.

Summary

This document clearly explains the step-by-step procedure for the configuring Terminating SSL on SAP Web dispatcher 7.0 and Higher. The procedure in the Document applies for configuration on Unix architecture. In this Document we are configuring the SSL certificate by requesting the test certificate from SAP CA

Author:

Anil Bhandary

Company:

Capgemini India

Created on: 04 April 2010

Author Bio

Terminating SSL on SAP Web Dispatcher Applies to: Configuring Terminating SSL on SAP Web dispatcher 7.0Operations homepage . Summary This document clearly explains the step-by-step procedure for the configuring Terminating SSL on SAP Web dispatcher 7.0 and Higher. The procedure in the Document applies for configuration on Unix architecture. In this Document we are configuring the SSL certificate by requesting the test certificate from SAP CA Author: Anil Bhandary Company: Capgemini India Created on: 04 April 2010 Author Bio Anil Bhandary has about three years of experience in software of SAP NetWeaver Technical consultant in the area of ECC, SRM, EP, MDM, XI and solution Manager. Currently working for capgemini.com SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com © 2010 SAP AG 1 " id="pdf-obj-0-35" src="pdf-obj-0-35.jpg">

Anil Bhandary has about three years of experience in software of SAP NetWeaver Technical consultant in the area of ECC, SRM, EP, MDM, XI and solution Manager. Currently working for capgemini.com

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Table of Contents

  • 1. Introduction

3

  • 2. Perquisites for configuring

3

  • 2.1 Download SAP Cryptographic Binary from SAP Market

3

  • 3. Steps for configuring

4

  • 3.1 Create sec Folder

4

  • 3.2 Extracting the Cryptographic binary in EXE

4

  • 3.3 Setting the Environment Variable for SSL certificate

4

  • 3.4 Checking the Instance profile file of SAP web dispatcher

......................................................................

4

  • 3.5 Command for generating certificate

5

  • 3.6 certificate from SAP

Requesting

the TEST

6

  • 3.7 Importing certificate in

10

  • 3.8 PSE. ...........................................................................................................

Importing

Credential in

10

  • 3.7 Making Changes in Instance profile of SAP web

11

  • 3.8 Changing the owner and rights of file ICMBND Binary

.....................................................................

12

  • 3.9 Stop and Start the SAP Web dispatcher after making all above changes

.........................................

12

Related

14

Disclaimer and Liability Notice

15

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

  • 1. Introduction

This Document will help you to understand how to go proceed for configuring Terminating SSL on SAP Web dispatcher 7.0 and higher . Here we are requesting a test certificate from SAP CA, where this certificate is required to start SAP Web dispatcher with SSL protocol

Note: - In this document you will see the SID = WJ1 and instance no = 01 (You will change the SID and instance no as per your sap web dispatcher configuration)

In this document we are using Terminating SSL concept where the request is terminated at the SAP Web Dispatcher. The incoming connection uses HTTPS and the outgoing connection uses HTTP. Therefore, in such scenario we must configure the SAP Web Dispatcher as an SSL server.

Here user calls the URL of Portal using web dispatcher which is located in front of portal. Here URL is called using HTTPS protocol which is configured on web dispatcher. When user hits the URL on HTTPS, the HTTPS protocol get terminated on web dispatcher and it internal call the backend portal system using HTTP protocol. It means encryption and decryption happened on Web dispatcher itself.

  • 2. Perquisites for configuring SSL

2.1 Download SAP Cryptographic Binary from SAP Market Place.

Cryptographic Binary can be download from below link http://service.sap.com/swdc Download SAP Cryptographic Software

After click on SAP Cryptographic Software you will get new browser window, where you have to select the file and download the file depend upon the OS platform on which you have to configure SAP Router

Terminating SSL on SAP Web Dispatcher 1. Introduction This Document will help you to understand

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

3. Steps for configuring SSL.

  • 3.1 Create sec Folder

(Folder will contain SSL configuration files) cd /usr/sap/<SID>/SYS Mkdir sec

Terminating SSL on SAP Web Dispatcher 3. Steps for configuring SSL. 3.1 Create sec Folder
  • 3.2 Extracting the Cryptographic binary in EXE folder.

Copy Downloaded Cryptographic Binary to /sapmnt/<SID>/exe and extract the binary using SAPCAR # SAPCAR -xvf < Cryptographic Binary >

Terminating SSL on SAP Web Dispatcher 3. Steps for configuring SSL. 3.1 Create sec Folder

After extracting the SAR file you will get above files and addition file as ticket. Copy this ticket file from EXE directory to /usr/sap/<SID>/SYS/sec/

  • 3.3 Setting the Environment Variable for SSL certificate location.

Terminating SSL on SAP Web Dispatcher 3. Steps for configuring SSL. 3.1 Create sec Folder
  • 3.4 Checking the Instance profile file of SAP web dispatcher.

(Profile file get created after successful installation of SAP web dispatcher)

You will get this instance profile file in location /sapmnt/<SID>/profile/

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher 3.5 Command for generating certificate request. (This is needed

3.5 Command for generating certificate request.

(This is needed to send SAP CA for getting the valid SSL Certificate) sapgenpse get_pse -p SAPSSL.pse -r test.req "CN=abc.xyz.com, OU=ABC, O=ABC, C=IN"

Terminating SSL on SAP Web Dispatcher 3.5 Command for generating certificate request. (This is needed
Terminating SSL on SAP Web Dispatcher 3.5 Command for generating certificate request. (This is needed

Provide whatever password you prefer (Maintain the password for future reference)

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher Here test.req is request file which need to sendhttp://service.sap.com/tcs with valid Suser id and password b. Click on SSL Test Server Certificate. Click here to get SSL Test certificate from SAP (This certificate just for testing purpose) After clicking on SSL test server certificate, you will get below window. SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com © 2010 SAP AG 6 " id="pdf-obj-5-8" src="pdf-obj-5-8.jpg">

Here test.req is request file which need to send to SAP CA for generating the test certificate.

3.6 Requesting the TEST certificate from SAP AG.

Click here to get SSL Test certificate from SAP (This certificate just for testing purpose)
Click here to get SSL Test
certificate from SAP
(This certificate just for
testing purpose)

After clicking on SSL test server certificate, you will get below window.

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher Click on “ Test it Now “ after clicking

Click on Test it Nowafter clicking you will get below option.

Terminating SSL on SAP Web Dispatcher Click on “ Test it Now “ after clicking

Paste the output present in file test.req, which we have created in previous step Find the below screenshot for your reference.

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher Paste the content of test.req in “ Enter data

Paste the content of test.req in “ Enter data for public key “ dialog box and select PKCS#7 certificate chain in “ Choose server type “ selection tab.

Terminating SSL on SAP Web Dispatcher Paste the content of test.req in “ Enter data

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com |

BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

After filling the above column click on continue tab After clicking on Continue you will get below dialog Box.

Terminating SSL on SAP Web Dispatcher After filling the above column click on continue tab

Copy the above output from Begin certificate to End certificate and paste it in text file and save the file as “ import.cer “ as shown below

Terminating SSL on SAP Web Dispatcher After filling the above column click on continue tab

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher After saving the file import.cer , copy the file

After saving the file import.cer , copy the file to server on location /usr/sap/<SID>/SYS/sec/

Terminating SSL on SAP Web Dispatcher After saving the file import.cer , copy the file
  • 3.7 Importing certificate in PSE.

sapgenpse import_own_cert -c import.cer -p SAPSSL.pse

Terminating SSL on SAP Web Dispatcher After saving the file import.cer , copy the file

Give the same password which we have given while generating test.req file.

  • 3.8 Importing Credential in PSE.

sapgenpse seclogin -p SAPSSL.pse

Terminating SSL on SAP Web Dispatcher After saving the file import.cer , copy the file

Give the same password which we have given while generating test.req file.

After importing the credential additional file get created in sec folder, here the additional file name is

“ cred_v2 “

Terminating SSL on SAP Web Dispatcher After saving the file import.cer , copy the file

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

  • 3.7 Making Changes in Instance profile of SAP web dispatcher.

Make necessary changes in existing parameter as well as add some additional parameter in instance profile of SAP web dispatcher. Do the changes as per below screenshot Here in this web dispatcher we have bind HTTP on port 8080 and HTTPS on 443

Terminating SSL on SAP Web Dispatcher 3.7 Making Changes in Instance profile of SAP web
Terminating SSL on SAP Web Dispatcher 3.7 Making Changes in Instance profile of SAP web
Terminating SSL on SAP Web Dispatcher 3.7 Making Changes in Instance profile of SAP web

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher 3.8 Changing the owner and rights of file ICMBND
  • 3.8 Changing the owner and rights of file ICMBND Binary.

/sapmnt/<sid>/exe/icmbnd Owner should be root :sapsys and rights should be 4750

Terminating SSL on SAP Web Dispatcher 3.8 Changing the owner and rights of file ICMBND
  • 3.9 Stop and Start the SAP Web dispatcher after making all above changes.

Terminating SSL on SAP Web Dispatcher 3.8 Changing the owner and rights of file ICMBND

After webdispatcher started check the log files of webidpstahcer present in /usr/sap/<sid>/<instance>/work In the work folder we have to check dev_webdisp and dev_icmbnd. For e.g log will be look like below screenshot.

dev_webdisp

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Terminating SSL on SAP Web Dispatcher dev_icmbnd SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX

dev_icmbnd

Terminating SSL on SAP Web Dispatcher dev_icmbnd SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Related Contents.

Note 974284 - SAP Web Dispatcher 7.00: Patch history For more information, visit the Operations homepage.

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Terminating SSL on SAP Web Dispatcher

Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.

SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.

SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.

SAP COMMUNITY NETWORK

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com