‎2015 Mar 03 7:43 AM
Hi,
Our management wants to switch all services from http to https. What does this imply from an SAP Basis point of view? We have a complex landscape, with Java portals, ABAP systems, dual-stack systems etc. I searched the internet regarding this subject and found something related to switching the access ports and installing some SSL certificates. Is this all we need to do or is there something else? Full documentation would help a lot.
Many thanks.
‎2015 Mar 03 2:54 PM
The biggest decision you have to make is where to maintain the SSL certificates and how, e.g. are the certificates signed by a trusted root authority or by a certificate trusted only within your company. Since you mention that your landscape is complex, I would look into setting/enabling PKI for your landscape. You might also be interested in SSO solutions since they make the transition easier; most of them have options for automatic SSL certificate provisioning.
‎2015 Mar 03 3:18 PM
Hello Samuli,
Thank you for your reply. We already use SSO solutions. The certificates will be signed by a trusted root authority.
Maybe I did not put the correct question. What I want to know is what are the steps to implement https, like:
1. installing SAP Web Dispatcher
2. configure SSL
3. create the certificate signed by a Certification Authority
4. modify ICM parameters
... and so on.
I need an exact procedure, what to check and what I need to install.
Thank you.
‎2015 Mar 03 3:31 PM
The next decision you have to make is where to terminate SSL. If you choose to support SSL in all involved SAP systems, the undertaking is considerable. Most customers choose to terminate SSL in either a hardware or software proxy, such as the Web Dispatcher, for this very reason. Instead of having to maintain tens or hundreds of certificates, you will maintain the certificates only on the reverse proxy. There are many blogs and documents on SCN on how to set up SSL for various SAP products so no need to repeat the information here. One takeaway I have for you is that even if you terminate SSL in a reverse proxy, most SAP systems still need additional configuration steps so that correct URLs will be generated, URLs that point to the reverse proxy instead of the SAP system itself (see HTTPURLLOC and ProxyMapping for details). At least AS JAVA and AS ABAP both require that you enable HTTPS even if HTTPS is terminated in a reverse proxy, otherwise HTTPS URLs can't be generated.
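The reply above notes that systems behind an SSL-terminating reverse proxy must generate URLs that point to the proxy. The following is an added example, not part of the thread, that audits captured HTTP responses for URLs that name a backend host or use plain http; the host names, the proxy port 443 and the sample responses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed, constructed names (not from the thread): the host users reach on the
# SSL-terminating reverse proxy, and backend hosts that must never appear in URLs.
PUBLIC_HOST = "portal.example.com"
BACKEND_HOSTS = {"sapabap01.corp.example", "sapjava01.corp.example"}
URL_HEADERS = {"location", "content-location", "refresh"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def check_url(url):
    """Return a reason string if the URL bypasses the proxy, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in BACKEND_HOSTS:
        return "backend host exposed"
    if host == PUBLIC_HOST:
        if parts.scheme.lower() != "https":
            return "plain http on public host"
        try:
            port = parts.port
        except ValueError:
            return "invalid port"
        if port not in (None, 443):  # assumption: the proxy serves HTTPS on 443
            return "non-standard port on public host"
    return None  # a correct proxy URL, or an unrelated external URL

def audit_response(raw):
    """Scan one raw HTTP response; return [(where, url, reason), ...]."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in URL_HEADERS:
            for url in URL_RE.findall(value):
                reason = check_url(url)
                if reason:
                    findings.append((name.strip(), url, reason))
    for url in URL_RE.findall(body):
        reason = check_url(url)
        if reason:
            findings.append(("body", url, reason))
    return findings

# Constructed sample responses, as they might be captured through the proxy.
REDIRECT_LEAK = "HTTP/1.1 302 Found\r\nLocation: http://sapabap01.corp.example:8000/app/start\r\n\r\n"
MIXED_BODY = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<a href='http://portal.example.com/app/start'>Start</a>"
GOOD_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://portal.example.com/app/start\r\n\r\n"
```

A finding on a redirect or page body means the backend is still building URLs from its own host name or protocol rather than from the proxy's.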
‎2015 Mar 03 5:51 PM
Hello Gabriel,
You won't find a one-stop-shop guide to implementing SSL in the ABAP+JAVA world but a collection of docs that will help you do it.
Setting up SSL on JAVA or ABAP is a fairly painless task and there are plenty of guides that will help you with that, e.g. (just a small sample):
Just take into account that depending on the version of your systems some steps will be different.
Also bear in mind that your question poses a lot of questions.
e.g.:
If a user connects to the HTTP port, I assume you'd want the request automatically redirected to the HTTPS port.
Do you use virtual addresses? e.g. http://myportal.mycompany.com?
Do you use software or hardware based load balancers (bluecoat, netscaler, SAP WD)?
Do you use reverse proxies?
Are your connections only from the intranet or from the internet also?
You see what I'm getting at in terms of questions...
I hope my little contribution above helps give you some guidance.
Kindest Regards,
Amerjit