https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257189#M1384477 <HTML><HEAD></HEAD><BODY><P>HI Julius,</P><P></P><P>Thank you very much for your answer in regards to the shared PSE, I think this almost answers the question. </P><P>Should I generate the PSE in the WAS and export to the Web Dispatcher ot rather generate in Web Dispatcher(sapgenpse) and import into WAS?</P><P></P><P>In regards to your first paragraph:</P><P>Unfortunately I was instructed to use re-encryption on SSL all the way to the WAS.</P><P>How heavy is the load caused by the web dispatcher in this case? Is it a case of marginal CPU load or should I have a seperate box for the WAS? Currently I have installed it on the same box as the CI? (The web dispatcher will only be used for load balancing, we have MS ISA servers as reverse proxies).</P><P></P><P>Many thanks!</P><P>Adriaan</P></BODY></HTML> Mon, 09 Nov 2009 07:48:50 GMT Former Member 2009-11-09T07:48:50Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257187#M1384475 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I am setting up a Web Dispatcher for SSL. It must use re-encryption. (going live with E-recruiting)</P><P>Do I need a seperate generated certificate for the Web Dispatcher and the ABAP WAS backend?</P><P>I would prefer to make one single request to the CA and use the certificate for both the Web Dispatcher and thr ABAP WAS backend.</P><P>Thanks,</P><P>Adriaan</P></BODY></HTML> Mon, 09 Nov 2009 07:01:02 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257187#M1384475 Former Member 2009-11-09T07:01:02Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257188#M1384476 <HTML><HEAD></HEAD><BODY><P>Why does e-Recruiting require "re-encryption"?</P><P></P><P>Are you terminating connections on the webdispatcher? This anyway means that you will need to have a high level of trust and security on the webdispatcher itself... and if you encrypt again then your webdispatcher might become a performance bottleneck in the design...</P><P></P><P>Anyway, if you create a certificate request for a shared PSE, then they will have the same identity and you can use the same response for both.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Mon, 09 Nov 2009 07:30:00 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257188#M1384476 Former Member 2009-11-09T07:30:00Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257189#M1384477 <HTML><HEAD></HEAD><BODY><P>HI Julius,</P><P></P><P>Thank you very much for your answer in regards to the shared PSE, I think this almost answers the question. </P><P>Should I generate the PSE in the WAS and export to the Web Dispatcher ot rather generate in Web Dispatcher(sapgenpse) and import into WAS?</P><P></P><P>In regards to your first paragraph:</P><P>Unfortunately I was instructed to use re-encryption on SSL all the way to the WAS.</P><P>How heavy is the load caused by the web dispatcher in this case? Is it a case of marginal CPU load or should I have a seperate box for the WAS? Currently I have installed it on the same box as the CI? (The web dispatcher will only be used for load balancing, we have MS ISA servers as reverse proxies).</P><P></P><P>Many thanks!</P><P>Adriaan</P></BODY></HTML> Mon, 09 Nov 2009 07:48:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257189#M1384477 Former Member 2009-11-09T07:48:50Z https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257190#M1384478 <HTML><HEAD></HEAD><BODY><P>It is much easier to do in STRUST than sapgenpse, but I have also read in a manual that you should not mix use of the two. No reason was given - perhaps someone else knows and has run into troubles with it?</P><P></P><P>If I understand correctly, you are NOT using session termination as I originally thought, but rather using the webdispatcher as a load balancer and need to decrypt the https requests to know which server the user already is logged onto?</P><P></P><P>I think this is unnecessarily complicated... </P><P></P><P>If you are keeping the session connected, then why don´t you point your webdispatcher to the message server and let that balance the user load. It also natively knows which servers are available and is much easier to implement?</P><P></P><P>Cheers,</P><P>Julius</P><P></P></BODY></HTML> Mon, 09 Nov 2009 18:06:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/ssl-re-encryption-multiple-certificates-required/m-p/6257190#M1384478 Former Member 2009-11-09T18:06:31Z