Technical Articles
Basic aspects of setting up an SAP Web Dispatcher with SSL
Throughout this new blog series, some basic aspects will be considered, as enumerated below:
- The SAP Web Dispatcher version.
The version used is the one recommended in SAP Note 908097 – SAP Web Dispatcher: Release, Installation, Patches, Documentation. Currently, I am using version 7.73, patch level 123, the latest available in the SAP ONE Support Launchpad.
As the scenarios are all SSL-related, note that the CommonCryptoLib is delivered with the SAP Web Dispatcher package. More on CommonCryptolib in SAP Note 1848999 – Central Note for CommonCryptoLib 8 (SAPCRYPTOLIB).
- The SSL configuration will be performed using the available UIs.
For the ERP/ECC system, STRUST will be used. Important: the test system used is based on the SAP NetWeaver 7.50 product. The interface is improved as of release 7.40. If you are using an older release (<7.40) and if you could not follow a step, then let me know using the comment section below; I will see whether I can find a similar (old) system and recreate the steps for such release. For the correct setup of SSL on the Application Server ABAP, SAP Note 510007 (Setting up SSL on Application Server ABAP) must be followed: read it carefully!
For the SAP Web Dispatcher, there is the Web Dispatcher Administration UI. Its menu brings the “SSL and Trust Configuration” item, with the “PSE Management”. More on this topic can be found in this wiki page.
The command line interface provided by sapgenpse will be only used as last resort.
- A special comment on STRUST.
Please, please, do NOT use the System PSE for SSL purposes. It will NOT work. The System PSE has no SSL purposes! If you are trying to use it, it means that you have NOT read SAP Note 510007: go back one step or game over.
- General troubleshooting information.
The following documents can help if any issue is faced while using SSL with the Web Dispatcher:
KBA 2394406 – Required information for analyzing SSL issues on Web Dispatchers
KBA 2559936 – [WEBINAR] Troubleshooting and Configuring SAP Web Dispatcher
KBA 2616927 – Troubleshooting common scenarios and errors in Web Dispatcher – Guided Answers
Next on the list: a basic scenario, with SSL re-encryption, showing involved parties, how to export/import certificates and revisiting the available traces.
Hi Cris,
It looks like you have an unintended link at the end of this blog, where you write "Next on the list..." The link is pointing back to https://blogs.sap.com/2019/07/01/using-the-sap-web-dispatcher-ssl-scenarios-and-more/, which was your intro that linked to this blog at the end. So, it has become circular.
I think you meant the link here to point somewhere else.
Cheers,
Matt
Hi Matt,
I need to resume this blog series. Being quite busier since I started back in 2019.
I am putting an internal note (To Do list) to bring new content soon (probably until mid March).
Thanks,
Cris
No worries! I totally understand about how one's paying job can get in the way of things! You may have noticed how my own contributions to the Community have really dropped off in the past year or so, and it is for the same reason.
I just worried that I was missing an important blog that might finally unlock all the secrets to Web Dispatcher configuration, once and for all. 🙂
I wish I was that good to unlock secrets. 🙂 I write from experience and exchanging knowledge with pretty good people around me.
But I'll be back with new content. I like to share and want to add more flags to the blogs (share knowledge in more languages - not counting that much on automated translation).