Using the SAP Web Dispatcher for Hybris Marketing, Part 2 Chapter 3
[Previous posting:
Using the SAP Web Dispatcher for Hybris Marketing, Part 2 Chapter 2]
Chapter 2.3: Configuration of the Web Dispatcher
We are now dealing with step 3 in our diagram:
Note that in this step you should not use a self-signed certificate as you did in step 2, because the browser will then display an alert message. The certificate used here should be signed by a certificate authority (CA) that the browser accepts. Examples for CAs are Verisign, Comodo, DigiCert, etc.
The first thing to do in step 3 is to generate a Certificate in the Server PSE. In step 2, the Web Dispatcher had the role of a client, with the ABAP system as server. Now the Web Dispatcher is a server, while the Browser is the client.
1. So we open the PSE Management in the Web Dispatcher Administration again.
In the screenshot above, the PSE Attributes Subject and Issuer are the same, which means that the actual certificate is self-signed.
2. This time, we need the entry ‘SAPSSLS.pse’, where the final ‘S’ stands for ‘Server’.
Note that after the installation of the SAP Web Dispatcher, the certificate is self-signed (as you can see above). We will change this now by sending a certificate request to a certification authority.
3. Click the button highlighted below to create a Certificate Request.
4. You can now send a request to a CA by copying the Certificate Request out of the upper window. Unfortunately, it can take several days until you receive the Response.
5. The Response, ideally formatted as PKCS#7, is then entered in the window below.
6. Click ‘Import’. Now you see that the Server Certificate was signed by our CA
7. Restart the Web Dispatcher to make the changes effective.
Instead of this…
…your browser’s address line should now look like this:
.
In the certificate information you can see the Certification Path:
Your Web Dispatcher is now securely connected to back end and front end.
Thank you so much for your blog Florian.
I am in the process of deploying Hybris For Marketing 1611.
I was struggling with some certificate chain trust issues before discovering your blog !
And the same logic applies when exchanging certificates between XS engine and ABAP isntance and Webdispatcher
Thanks
Hello Raoul,
thank you very much for your comment!
I'm happy that my blog was helpful for you.
Regards, Florian
Thank you Florian for the article, very useful.