
Recommendation on end-to-end SSL and certs

Former Member
0 Kudos

Dear SDN,

I am using an EP6 SP13 setup with

1 box in DMZ (web dispatcher and wgate for ITS)

1 portal CI behind firewall

1 portal DI behind firewall

I am looking to use a VeriSign cert on the DMZ box, so as to protect my ITS content.

Questions are:

Can I get away with just using a cert for the web dispatcher? Can I use end-to-end SSL if I choose to use the same cert for my ITS?

Thanks

Jeremy

Accepted Solutions (0)

Answers (3)

jochen_rundholz
Active Participant
0 Kudos

Hi,

The link above is not to End-to-End SSL but to SSL re-encryption.

For End-to-End SSL you need the server certificate on the J2EE system, the web dispatcher doesn't do any SSL operation in this case. Remember that your client talks to the web dispatcher, thus the cert for the J2EE must have the name of the web dispatcher (the CN), otherwise your browser brings up a warning.

Furthermore, someone mentioned that you need to have the same FQDN if you want to use the same certificate for different servers. This is not entirely true, since a certificate can contain a wildcard. At least some CAs issue them, but then they are more expensive.

Regards,

Jochen

Former Member
0 Kudos

The thing is, if you use end-to-end SSL, isn't the cert coming from the J2EE and not the web disp?

Thanks

Former Member
0 Kudos

It would be the exact same cert coming from both.

http://help.sap.com/saphelp_nw04/helpdata/en/39/09a63d7af20450e10000000a114084/frameset.htm

Regards,

Patrick

Former Member
0 Kudos

Jeremy,

Of course you can use the same cert for both web dispatcher and wgate - as long as both systems share the same hostname (FQDN). If not, for at least one system the CN from the certificate would not match the FQDN, causing the user's browser to show a warning.

Regards,

Dominik
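
The name-matching rule that Jochen's and Dominik's answers rely on, as an added example that is not part of the original thread: the browser compares the name in the certificate with the host name the user connected to, and a wildcard stands for exactly one left-most label. All host names are constructed, and the function names are hypothetical.

```python
# Added example: browser-style matching of a certificate name against the
# host name the client connected to. Host names below are constructed.

def name_matches(cert_name: str, hostname: str) -> bool:
    """True if one certificate name (CN or dNSName) covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    first, rest = cert_labels[0], cert_labels[1:]
    if rest != host_labels[1:]:
        return False
    if first == "*":
        # Need a parent of at least two labels, so "*.com" never matches.
        return len(rest) >= 2 and host_labels[0] != ""
    return first == host_labels[0]


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name in the certificate covers hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


# Constructed names for the three roles in the thread.
WEB_DISPATCHER = "portal.example.com"      # what the user types in the browser
WGATE = "its.example.com"                  # ITS wgate under a different FQDN
J2EE_INTERNAL = "j2ee01.corp.example.com"  # backend host name behind the firewall
WILDCARD = ["*.example.com"]


def scenarios() -> dict:
    """Each value is True when the browser would accept the name silently."""
    return {
        # End-to-end SSL: the J2EE cert is what the browser sees.
        "j2ee cert named after itself": cert_covers([J2EE_INTERNAL], WEB_DISPATCHER),
        "j2ee cert named after dispatcher": cert_covers([WEB_DISPATCHER], WEB_DISPATCHER),
        # Reusing one cert on a host with a different FQDN.
        "dispatcher cert on wgate": cert_covers([WEB_DISPATCHER], WGATE),
        # A wildcard covers sibling hosts, but not names two labels deep.
        "wildcard on dispatcher": cert_covers(WILDCARD, WEB_DISPATCHER),
        "wildcard on wgate": cert_covers(WILDCARD, WGATE),
        "wildcard on internal host": cert_covers(WILDCARD, J2EE_INTERNAL),
    }


if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{label:35} {'match' if ok else 'browser warning'}")
```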