[Previous posting:

Using the SAP Web Dispatcher for Hybris Marketing, Part 2 Chapter 1]

 

Chapter 2.2: Creating the https back end connection from Web Dispatcher to your SAP system

 

We here go on with step 2 in the diagram:

 

 

 

Capture01.jpg

 

 

Step 2 consists of two parts:

 

     i)      Exporting the SSL Server Certificate from ABAP back end

     ii)      Importing the certificate to the Web Dispatcher Administration environment

 

 

 

i) Exporting the certificate

 

     1.       Open your SAP system and enter the transaction code STRUST.

 

     2.       Then open the folder SSL server Standard on the left and click your system entry (here: l…1).

 

 

If you don’t have a Server PSE yet in your system, you have to create a new one. For security reasons it is recommended that the subject field of the certificate matches the host name of your back end server. Otherwise the SSL client will raise a host mismatch error when calling the back end.

 

Remark: Within your corporate network it is acceptable to use a self-signed certificate. That’s how we did it in our example. Of course you can also use an internal or public CA for signing your certificate. In this case you don’t have to export the certificate here, but should simply import the root CA into SAP Web Dispatcher’s client PSE.

 

     3.       Next, click in the “Subject” field:

 

 

When you do this, the “Certificate” area will be filled:

 

 

    4.       Now, click the Display/Change icon at the top, and export your Certificate by clicking the corresponding icon:

 

 

     5.       Choose a path and name for your certificate and append the extension .cer. The file format should be Base64.

     6.       Go back to the ABAP back end and enter the transaction code SMICM.

 

     7.       Click Goto in the menu bar and choose Parameters -> Display.

 

 

A https port must be opened, in this case icm/server_port[1].

 

Have a look at step 4 in the diagram on the diagram on the next page to see what this looks like:

 

https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/98e6a84be0062fe10000000a42189d/content.htm


 

     ii) Importing the certificate

 

After the export is done, you can import the certificate in the Web Dispatcher Client PSE (short for ‘Personal Security Environment’).

 

     1.       Open the SAP Web Dispatcher Administration and go to SSL and Trust Configuration -> PSE Management in the menu.

 

 

     2.       Choose the entry ‘SAPSSLC.pse’ in the dropdown menu besides ‘Manage PSE’ (‘C’ means ‘Client’): Capture11.jpg

 

     3.       Click on ‘Import Certificate’ (in the section ‘Trusted Certificates’ on the bottom).

 

Capture12.jpg

 

     4.       Now copy and paste the certificate you saved before as a text. For this purpose open the file with a text editor (e. g. Notepad) and put in the whole text, including —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–.

 

     5.       After this, click on ‘Import’. A green success message should appear.

 

Capture13.jpg

 

     6.       At this point, a restart of the Web Dispatcher is required.

 

     7.       Wait until the Web Dispatcher is started again, go to your Web Dispatcher Administration UI and restart the browser.

 

Your system should be visible in the Menu pane:

 

 

When you now check the Monitor Application Servers (Menu -> your system -> Monitor Application Servers), the https connection should be shown as valid.

 

Now you can proceed with step 3:

 

Using the SAP Web Dispatcher for Hybris Marketing, Part 2 Chapter 3

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Youssef El jaoujat

    Thanks, Florian

    It was very detailed and clear , that allow anyone to proceed with each step  easily .

    I’m wondering if we can automate these steps on a seamless process ?

    Kind regards

    (0) 
    1. Florian Schwoebel Post author

      Hello Youssef,

      thank you very much for your comment!

      The problem with automation is that only some of the steps can be automated (with a certain effort), others – like the certificate handling – have to be done manually. If you automated, e.g., the profile configuration, the result would just be a UI in which you would maintain the same parameters as in the text file. This would not be much of a gain.

      So the best ‘workaround’ seems to be a detailed step-by-step instruction.

      Kind regards,

      Florian

      (0) 

Leave a Reply