Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
former_member290907
Participant
5,443

Purpose


The goal of this blog post is to provide the steps which are necessary to configure the SSL termination scenario on web dispatcher integrated into SCS instance in process orchestration (as Java).

Overview


The blog post includes the configuration of the web dispatcher into an existing SCS instance running on NW 7.5 (as Java) system along with SSL termination configuration to access PO tools such as enterprise service repository, integration directory, process monitoring and SLD using HTTPS protocol

Prerequisites



  • SAP process orchestration server is installed

  • SAP cryptographic library is already installed


Steps To Configure Integrated Web Dispatcher


1. Profile Parameters


Following parameters need to be updated in SCS instance profile to setup the integrated web dispatcher into existing SCS instance.

  • _CPARGX = list:$(DIR_CT_RUN)/webdispinst.lst

  • Execute_<xx> = immediate $(DIR_CT_RUN)/sapcpe$(FT_EXE) pf=$(_PF) $(_CPARGX)

  • _WD = wd.sap$(SAPSYSTEMNAME)_$(INSTANCE_NAME)

  • Execute_<xx> = local rm -f $(_WD)

  • Execute_<xx> = local ln -s -f $(DIR_EXECUTABLE)/sapwebdisp$(FT_EXE) $(_WD)

  • Restart_Program_<xx> = local $(_WD) pf=$(_PF)

  • wdisp/system_0 = SID=<SID>, MSHOST=<hostname>, MSPORT=81<inst_no>, SRCSRV=*:<disp_port_no>, SRCURL=/

  • icm/authfile = /usr/sap/<SID>/SYS/global/security/data/icmauth.txt

  • icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile)

  • icm/max_conn = 500

  • icm/server_port_0 = PROT=HTTPS,PORT=<disp_port_no>


Please do adjust serial number XX in SCS profile

2. Extract Sapwebdisp SAR file


Download SAP web dispatcher SAR (version must be equal or greater than system kernel version) from service marketplace and extract it in kernel directory

3. SCS instance Restart


After restart, sap web dispatcher service will be visible running in SCS instance

 

Steps To Configure SSL Termination


1. Update Profile Parameter in SCS Profile


Update following SSL parameters in SCS instance profile and take dispatcher restart from admin console to activate them

  • wdisp/add_client_protocol_header = true

  • wdisp/handle_webdisp_ap_header = 1

  • wdisp/add_xforwardedfor_header = true

  • wdisp/ssl_encrypt = 0

  • wdisp/ssl_auth = 1

  • icm/HTTPS/verify_client = 1


2. Generate CSR Request


Login to SAP web dispatcher admin console and create new PSE as per the SAP system FQDN.

Generate the CSR and get it signed by authorized CA then import the response using dispatcher console.

3. Execute Dispatcher Profile Check


Execute the command sapwebdisp pf=<scs_instance_profile> -checkconfig

Make sure there shouldn't be any error/warning in dispatcher profile check

Execute the NWA url with web dispatcher HTTPS port and you will find that certificate status is Ok

Steps to activate HTTPS for PO Tools


Login to NWA and modify the exchange profile properties



  1. Login to NWA and access the Java system properties under configuration tab.

  2. Search for "XPI Service: AII Config Service" in services tab

  3. Select the below parameters (related to ESR and IR tool) and change the ICM port to dispatcher HTTPS port





    • com.sap.aii.connect.repository.httpsport 

    • com.sap.aii.connect.directory.httpsport




4. Select the parameter "com.sap.aii.connect.secure_connections" and change its value to        all (Restart is not required).


Now, all the required PO tools will be accessible through HTTPS protocol running with web dispatcher port defined in SCS profile

Conclusion


In this blog post I have explained in detail about SSL termination setup on SAP Web Dispatcher Integrated into Process Orchestration SCS Instance with relevant screen shots. I would conclude this blog by highlighting an important fact that SSL termination scenario establish the communication channel between web dispatcher and application server on HTTP protocol which means that unencrypted request will be forwarded from web dispatcher to the Application server.

 

 

 

 

 
4 Comments
Labels in this area