https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122337#M1187849 <HTML><HEAD></HEAD><BODY><P>Hi Sietze,</P><P></P><P>Thanks for your answer. I indeed have things working at this moment. Problem was that I performed some previous tests and internet explorer still had some certificates loaded, causing the error messages. As you already mentioned the CN in the certificate should describe the hostname in the url. This brings us to another problem. We would like a smooth transition from the old name serv_01 to sapbw. To prevent lots of service desk calls we would temporary like both urls to point to the same BW system. </P><P></P><P>Thus:</P><P></P><P><A href="https://serv01/sap/bw/bex" target="test_blank">https://serv01/sap/bw/bex</A></P><P>and</P><P><A href="https://sapbw/sap/bw/bex" target="test_blank">https://sapbw/sap/bw/bex</A></P><P></P><P>To point to the same BW system (with only one server).</P><P></P><P>However, then we would face the CN problem in the certificate. Is there any easy way to make this work? Or should we temporarely install 2 SAP Web Dispatchers on seperate servers, which redirect to the BW system?</P><P></P><P>Thanks,</P><P>Bart.</P></BODY></HTML> Wed, 21 Jan 2009 14:28:42 GMT BSG 2009-01-21T14:28:42Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122335#M1187847 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>For our SAP BW system running on host serv_01 we would like to use a more functional hostname for the enduser access, e.g. sapbw. For this we have created an alias in the dns: sapbw, pointing to serv_01.</P><P>The idea is that end users will then use sapbw in their URLs to access the system, e.g. http(s)://sapbw/sap/bw/BEx in stead of http(s)://serv_01/sap/bw/BEx. For http access this goes fine. However, when using https we encounter certificate problems. Internet explorer is giving certificate errors mentioning that the hostname mentioned in the certificate (probably serv_01?) is not the hostname in the url (sapbw).</P><P></P><P>Did anyone try to use such a functional hostname with an alias to the technical hostname and succeeded in this? Any other ideas?</P><P></P><P>Thanks,</P><P>Regards,</P><P>Bart</P></BODY></HTML> Wed, 21 Jan 2009 13:09:10 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122335#M1187847 BSG 2009-01-21T13:09:10Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122336#M1187848 <HTML><HEAD></HEAD><BODY><P>The CN part of the subject must equal the server name. This rule is enforced by all browsers to thwart man-in-the-middle attacks using the DNS and forms an important part of the security SSL (or TLS) offers (although there are always ways around it, of course). So just issue the server a certificate with the correct name and you're done.</P></BODY></HTML> Wed, 21 Jan 2009 13:58:23 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122336#M1187848 Former Member 2009-01-21T13:58:23Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122337#M1187849 <HTML><HEAD></HEAD><BODY><P>Hi Sietze,</P><P></P><P>Thanks for your answer. I indeed have things working at this moment. Problem was that I performed some previous tests and internet explorer still had some certificates loaded, causing the error messages. As you already mentioned the CN in the certificate should describe the hostname in the url. This brings us to another problem. We would like a smooth transition from the old name serv_01 to sapbw. To prevent lots of service desk calls we would temporary like both urls to point to the same BW system. </P><P></P><P>Thus:</P><P></P><P><A href="https://serv01/sap/bw/bex" target="test_blank">https://serv01/sap/bw/bex</A></P><P>and</P><P><A href="https://sapbw/sap/bw/bex" target="test_blank">https://sapbw/sap/bw/bex</A></P><P></P><P>To point to the same BW system (with only one server).</P><P></P><P>However, then we would face the CN problem in the certificate. Is there any easy way to make this work? Or should we temporarely install 2 SAP Web Dispatchers on seperate servers, which redirect to the BW system?</P><P></P><P>Thanks,</P><P>Bart.</P></BODY></HTML> Wed, 21 Jan 2009 14:28:42 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122337#M1187849 BSG 2009-01-21T14:28:42Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122338#M1187850 <HTML><HEAD></HEAD><BODY><P>Why so hard? Just have an apache server on serv01 that redirects (after a certain period of time) to sapbw. You can then also display a message to users explaining things. Of course, the solution with both web dispatchers will also work.</P></BODY></HTML> Thu, 22 Jan 2009 12:58:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122338#M1187850 Former Member 2009-01-22T12:58:04Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122339#M1187851 <HTML><HEAD></HEAD><BODY><P>Decided to use a dns alias.</P></BODY></HTML> Tue, 02 Jun 2009 05:55:07 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-with-different-hostname/m-p/5122339#M1187851 BSG 2009-06-02T05:55:07Z