Chapter 2.2: Creating the https back end connection from Web Dispatcher to your SAP system
We here go on with step 2 in the diagram:
Step 2 consists of two parts:
i) Exporting the SSL Server Certificate from ABAP back end
ii) Importing the certificate to the Web Dispatcher Administration environment
i) Exporting the certificate
1. Open your SAP system and enter the transaction code STRUST.
2. Then open the folder SSL server Standard on the left and click your system entry (here: l…1).
If you don’t have a Server PSE yet in your system, you have to create a new one. For security reasons it is recommended that the subject field of the certificate matches the host name of your back end server. Otherwise the SSL client will raise a host mismatch error when calling the back end.
Remark: Within your corporate network it is acceptable to use a self-signed certificate. That’s how we did it in our example. Of course you can also use an internal or public CA for signing your certificate. In this case you don’t have to export the certificate here, but should simply import the root CA into SAP Web Dispatcher’s client PSE.
3. Next, click in the “Subject” field:
When you do this, the “Certificate” area will be filled:
4. Now, click the Display/Change icon at the top, and export your Certificate by clicking the corresponding icon:
5. Choose a path and name for your certificate and append the extension .cer. The file format should be Base64.
6. Go back to the ABAP back end and enter the transaction code SMICM.
7. Click Goto in the menu bar and choose Parameters -> Display.
A https port must be opened, in this case icm/server_port.
Have a look at step 4 in the diagram on the diagram on the next page to see what this looks like:
ii) Importing the certificate
After the export is done, you can import the certificate in the Web Dispatcher Client PSE (short for ‘Personal Security Environment’).
1. Open the SAP Web Dispatcher Administration and go to SSL and Trust Configuration -> PSE Management in the menu.
3. Click on ‘Import Certificate’ (in the section ‘Trusted Certificates’ on the bottom).
4. Now copy and paste the certificate you saved before as a text. For this purpose open the file with a text editor (e. g. Notepad) and put in the whole text, including —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–.
5. After this, click on ‘Import’. A green success message should appear.
6. At this point, a restart of the Web Dispatcher is required.
7. Wait until the Web Dispatcher is started again, go to your Web Dispatcher Administration UI and restart the browser.
Your system should be visible in the Menu pane:
When you now check the Monitor Application Servers (Menu -> your system -> Monitor Application Servers), the https connection should be shown as valid.
Now you can proceed with step 3: