cancel
Showing results for 
Search instead for 
Did you mean: 

Wild Card certificate for Web dispatcher

Former Member
0 Kudos
5,767

Hi Folks,

We are setting up our new WD i.e. of release 741 in our windows 2012 server and now we have to activate https.

Now our Network team is saying they can provide the wild card certifcate (comodo) and that need to be import in the system. Can you please guide me with the steps in this regard.

I am confused now

earlier we used to follow the below steps, but as per the network team, as we have wild card certificate (.pfx) then there is no need to create the certifcate and send it to get signed. We just need to import the certifcate and create credentials.

Install the SAP Cryptographic Library on the SAP Web Dispatcher.


I would appreciate if you can help to get a clear step of configuratuion in this regard.

Thanks & Regards,

Satyabrat

priyas3
Discoverer
0 Kudos

Can you kindly confirm the steps of importing the Wild card SSL certificate in Webdispatcher.

I am facing the same scenario now.

Regards,

Priya

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos
Former Member
0 Kudos

Hi Samuli,

Thanks for the helpful links. In my case I need not to create or generate certificate, as I am getting a certificate (certificate.pfx) from my IT team which is already signed by comodo and its a wildcard certificate.

In this scenario I only have to import the certificate using below command after the installation, and after https should work fine, please correct me if I am wrong or I am missing anything.

sapgenpse import_p12  -p SAPSSLS.pse certificate.pfx



BR,

Satyabrat


Former Member
0 Kudos

Depending on the certificate you may need to also use -r for all intermediate and root certificates, as described in the documents. Once that is done, you will still have to configure credentials as per the Web Dispatcher documentation.

Former Member
0 Kudos

Hi Samuli,

Yes i.e again a point of concern, when I checked with the IT team on the .pfx file, they are saying, the file itself contains intermediate and root certificate in it. I also had checked the same, when I unzip the file I got these certificates.

According to them if I will import the .pfx file all the certificate will get import automatically. and no need to import it individually.

So here the question is whether it works like this. I am not sure on this part.

BR,

Satyabrat

Former Member
0 Kudos

If they are separate files you will have to use -r.

Former Member
0 Kudos

Thanks Samuli

Now I want to access my portal system using webdispatcher,

What are the parameter need to be setup. My profile parameters looks as below but stll I can't access my portal system

# Accesssability of Message Server

#-----------------------------------------------------------------------

rdisp/mshost = <Hostname EnterprisePortal>

ms/http_port = 8101

ms/https_port = 8443

#-----------------------------------------------------------------------

# Configuration for medium scenario

#-----------------------------------------------------------------------

icm/max_conn = 500

icm/max_sockets = 1024

icm/req_queue_len = 500

icm/min_threads = 10

icm/max_threads = 50

mpi/total_size_MB = 80

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTP,PORT=6666

#icm/server_port_1 = PROT=HTTP,HOST=localhost,PORT=81$$

icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=81$$

icm/server_port_1 = PROT=HTTP,PORT=7777,TIMEOUT=900,PROCTIMEOUT=900

icm/server_port_2 = PROT=HTTPS,PORT=8443,TIMEOUT=900,PROCTIMEOUT=900

icm/keep_alive_timeout = 900

icm/host_name_full = <Hostname webdisptacher>.abc.com

#-----------------------------------------------------------------------

# Start webdispatcher

#-----------------------------------------------------------------------

_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Start_Program_00 = local $(_WD) pf=$(_PF)

SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec

#---------------------------------------------------------------------------------------

# Parameters for the SAP Cryptographic Library

#---------------------------------------------------------------------------------------

ssl/ssl_lib = E:\usr\sap\QWT\W01\sec\sapcrypto.dll

ssl/server_pse = E:\usr\sap\QWT\W01\sec\SAPSSLS.pse

#_-----------------------------------------------------------------------

I can access my system through url

<Hostname webdisptacher>.abc.com:50000/irj/portal

Thanks & Regards,

Satyabrat

Former Member
0 Kudos

Create a new discussion thread, that's a different problem. When you do also share the exact version of Web Dispatcher you are using (including patch level) and maybe describe your landscape and what exactly you are trying to achieve.

Answers (1)

Answers (1)

0 Kudos

1. backup current PSE file

<hostname>:/usr/sap/<SID>/W00/sec # cp SAPSSLS.pse SAPSSLS.pse.bak

2. upload new PSE file (2148457 - How to convert the keypair of a PKCS#12 / PFX container into a PSE file)

3. restart Web dispatcher