topic Re: SSL implementation in Application Development and Automation Discussions

SSL implementation

Former Member — Thu, 24 Mar 2011 14:52:04 GMT

Greetings,

We are planning to configure SSL in our portal environment.

Scenario 1: User (From Internet) ->(HTTPS)-> Apache Reverse Proxy ->(HTTPS)-> Web Dispatcher (SSL Termination and re-encryption) ->(HTTPS)-> Portal

Scenario 2: User (From Intranet) ->(HTTPS)-> Web Dispatcher (SSL Termination and re-encryption) ->(HTTPS)-> Portal

Can anyone please let me know at what level I need to configure SSL and how do I proceed in both scenarios? Do I have to install SSL at portal, web dispatcher or at Apache level? Will SSL termination work for scenario 2?

Any help would be appreciated.

Thanks,

Sham

Re: SSL implementation

Former Member — Thu, 24 Mar 2011 16:47:10 GMT

The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.

You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.

what level I need to configure SSL and how do I proceed in both scenarios?

Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.

how do I proceed in both scenarios?

From a portal perspective, the configuration should remain the same.

Do I have to install SSL at portal, web dispatcher or at Apache level?

SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.

See the following for possible SSL implementation options:

http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm

https://cw.sdn.sap.com/cw/docs/DOC-115509

Will SSL termination work for scenario 2?

Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm

However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.

I would recommend you to take a step by step (backward approach).

First, enable SSL on your portal and make sure it works - going directly to the server.

Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.

Finally - you can test the end to end flow - with your Reverse proxy involved.

- Shanti

Re: SSL implementation

shankar_agarwal — Fri, 25 Mar 2011 11:30:27 GMT

check this wiki,it explains proxy config in detail.[http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies]

Also if you are going for Secured environment,you will have to enable SSL for all the system accessible through portal using SSO.

SSL communication can be a bit slow ,so i won't recommend it for internal facing portal.

Regards