Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Contributor
Recently I came across situation where I need to configure my SAP Web Dispatcher to SSL and in order to perform testing I have to start with my sandbox environment. When you talk about SSL it has approximately $250.00 price tag associated with certificate for your each environment.

Now my challange was to get this testing done as soon as possible with free of cost and users should not get certificate errors when accessing from internet or intranet.

Let me share what type of architecture I have


Now lets start configuring SAP Web Dispatcher for SSL

Creating PSE file for SAP Web Dispatcher

  • Create PSE as shown below…(just for an example)

  • Now you have PSE created as below


Requesting Certificate

Note: Open firewall port 80 for your SAP web dispatcher prior steps below

Note: This can be done via with similar steps

  • Provide website URL as below

  • Click On Manual Verification

  • Click on Manually Verify Domain

  • Now will be on screen below


  • Click on step 1. Download File #1


  • Once you save this file it will be long name like - XXXXXXXXXXXXXXXXXXMYFV03nUWvwX8ksFo


  • Now add below to you SAP Web Dispatcher instance profile petameter

# SSL Letsencrypt
icm/HTTP/redirect_0 = PREFIX=/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXMYFV03nUWvwX8ksFo, TO=/sap/wdisp/admin/public/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXMYFV03nUWvwX8ksFo

  • Copy this file in to location below on your SAP Web Dispatcher installation ….



Note: You need to create folders manually

Tip: Use command prompt to create folders

  • Now restart your SAP Webdispatcher


  • Now you should able to access this URL shown on page … example below



For new version of SAP webdispatcher (Version 7.77 and UP) you need to modify admin parameter as below to access URL without WEBADM username and password
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),ALLOWPUB=TRUE




  • Now Click Download SSL Certificate

  • On next screen you will see all three certificates been generated… as below and Download All SSL Certificate files


  • Save file


  • Extract file and you will have files as below


Extract Root Certificate from Certificate.crt file

  • Open certificate.crt and click on Certification Path TAB

  • Highlight DST Root CA X3 and click View certificate and go to Details tab and Click Copy to File

  • Save as DER encoded…

  • Save as Root certificate

  • Now you have certificate as below


Install OPENSSL in to your local computer/PC


You need to install openssl software prior you go to next step in your local computer

You can download for windows from :

Note: Get 64x if possible


Once you install you will able to run openssl command as below


Working with files to generate SAPSSLS.pse file

Note: Make sure SECUDIR is setup properly on your server with sidadm user account

  • Run following command

openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt  -certfile ca_bundle.crt

Note: No password required…

  • You have new file created as below  Certificate.pfx

  • Delete or rename SAPSSLS.pse file from sec folder…


  • Copy Root.cer, certificate.pfx and ca_bundle.crt to X:\usr\sap\SID\W00\sec folder


  • Run command as below as login <sidadm>

sapgenpse import_p12 -r ca_bundle.crt  -r root.cer -p SAPSSLS.pse certificate.pfx

  • This will crate pse file as below


Restart SAP Webdispatcher and now you see that your certificate is issues by Let’s Encrypt authority



Hope you enjoy reading this technical document and last note... Make sure to revert your profile parameter in your SAP instance profile and disable firewall port 80

We do not have HTTP port enable on our SAP Web Dispatcher

Thank you

Yogesh Patel
Labels in this area