Chapter 2.3: Configuration of the Web Dispatcher
We are now dealing with step 3 in our diagram:
Note that in this step you should not use a self-signed certificate as you did in step 2, because the browser will then display an alert message. The certificate used here should be signed by a certificate authority (CA) that the browser accepts. Examples for CAs are Verisign, Comodo, DigiCert, etc.
The first thing to do in step 3 is to generate a Certificate in the Server PSE. In step 2, the Web Dispatcher had the role of a client, with the ABAP system as server. Now the Web Dispatcher is a server, while the Browser is the client.
1. So we open the PSE Management in the Web Dispatcher Administration again.
In the screenshot above, the PSE Attributes Subject and Issuer are the same, which means that the actual certificate is self-signed.
2. This time, we need the entry ‘SAPSSLS.pse’, where the final ‘S’ stands for ‘Server’.
Note that after the installation of the SAP Web Dispatcher, the certificate is self-signed (as you can see above). We will change this now by sending a certificate request to a certification authority.
3. Click the button highlighted below to create a Certificate Request.
4. You can now send a request to a CA by copying the Certificate Request out of the upper window. Unfortunately, it can take several days until you receive the Response.
5. The Response, ideally formatted as PKCS#7, is then entered in the window below.
6. Click ‘Import’. Now you see that the Server Certificate was signed by our CA
7. Restart the Web Dispatcher to make the changes effective.
Instead of this…
…your browser’s address line should now look like this:
In the certificate information you can see the Certification Path:
Your Web Dispatcher is now securely connected to back end and front end.