on 2017 Oct 26 7:40 PM
Hi,
I need to use SAP Web Dispatcher as redirect for BPC systems.
I could to set up following:
PRODUCTIVE: https://webdisp:7777/sap/bpc/web --> webdisp redirect to --> http://prdbpc:8000/sap/bpc/web
QUALITY: https://webdisp:8888/sap/bpc/web --> webdisp redirect to --> http://qasbpc:8000/sap/bpc/web
My web dispatcher configuration:
wdisp/system_0 = SID=PRD, MSHOST=PRDbpc, MSPORT=8101, SRCSRV=*:7777, SSL_ENCRYPT=0
wdisp/system_1 = SID=QAS, MSHOST=QASbpc, MSPORT=8101, SRCSRV=*:8888, SSL_ENCRYPT=0
icm/server_port_0 = PROT=HTTPS,PORT=7777, TIMEOUT=340,PROCTIMEOUT=600
icm/server_port_1 = PROT=HTTPS,PORT=8888, TIMEOUT=340,PROCTIMEOUT=600
At first time I have certificate error in browser, then I install certificate via browser and all works fine.
But many users often confused between Prod and Quality system, because URL is very similar. (difference only in port)
Our consultants asks about url like:
https://PRD.webdisp:7777/sap/bpc/web
https://QAS.webdisp:7777/sap/bpc/web
(it's really more usability)
I tried to setup it via rules:
if %{HTTP_HOST} regimatch PRD.webdisp*
SetHeader x-sap-webdisp-target-sid PRD [break]
if %{HTTP_HOST} regimatch QAS.webdisp*
SetHeader x-sap-webdisp-target-sid QAS [break]
URL opens fine, but I have certificate error in browser:
I tried to many time to install certificate via browser, but it still getting error about untrusted site.
I could click to "Countinue to this website (not recommended)", but then I cannot run EPM add-in:
As I know my browser doesn't accept certificate because I use hostname in url Prd.webdisp whereas true hostname is 'webdisp'.
Help me please, how can I setup "normal" https connection to my bpc systems?
Thanks...
Hello,
You will have to create to certificates, and configure the Web Dispatcher to use one for the production hostname and the other for the quality hostname.
In addition, you do not need to use the modification rules do determine which backend system (prod or QA) should take the request.
Check out the WIKI pages below.
Cheers!
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
it's me again.
I got new problem, I need to establish connection between Tomcat application (SAP FIM, http) --> WebDisp (httpS)-->BPC(http).
When I use HTTP on WebDisp side, all works fine, but when I tried to use https on Webidsp I got errors -
On Tomcat (FIM) side:
com.ctc.wstx.exc.WstxIOException: java.security.cert.CertificateException: No X509TrustManager implementation available
On WebDisp side:
[Thr 140080339609344] SSL_get_state()==0x1180 "TLS read client certificate A"
[Thr 140080339609344] *** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
[Thr 140080339609344] srv SSL session PSE "/usr/sap/WBC/W00/sec/bpc.pse"
[Thr 140080339609344] session ciphersuites=HIGH:PFS:MEDIUM:+e3DES:!aNULL
[Thr 140080339609344] Server SSL_CTX 7f66f8203060 pvflags=897 (TLSv1.2,TLSv1.1,TLSv1.0,BC)
[Thr 140080339609344] secussl_read: SSL_read() failed (536875078/0x20001046)
[Thr 140080339609344] => "received a fatal TLS certificate unknown alert message from the peer"
[Thr 140080339609344] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 140080339609344] 0x20001046 | SAPCRYPTOLIB | SSL_read
[Thr 140080339609344] SSL API error
[Thr 140080339609344] received a fatal TLS certificate unknown alert message from the peer
[Thr 140080339609344] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 140080339609344] received a fatal TLS certificate unknown alert message from the peer
[Thr 140080339609344] 0xa0600263 | SSL | ssl3_accept
[Thr 140080339609344] received a fatal TLS certificate unknown alert message from the peer
[Thr 140080339609344] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 140080339609344] received a fatal TLS certificate unknown alert message from the peer
[Thr 140080339609344] << ---------- End of Secu-SSL Errorstack ----------
[Thr 140080339609344] SSL NI-hdl 85: local=192.168.88.31:7777 peer=192.168.88.124:64613
[Thr 140080339609344] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=7f66ec0008c0)==SSSLERR_SSL_READ
[Thr 140080339609344] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-58): SSSLERR_SSL_READ [icxxconn.c 1894]
My WebDisp configuration now:
wdisp/system_0 = MSHOST=bwbpcdev, MSPORT=8101, SID=DBC, SRCVHOST=bpc.bobpcwd:7777, SSL_ENCRYPT=0
icm/server_port_0 = PROT=HTTPS,PORT=7777, TIMEOUT=340,PROCTIMEOUT=600, SSLCONFIG=ssl_config_0
ssl/server_pse = bpc.pse
icm/ssl_config_0 = CRED=bpc.pse
On tomcat (FIM) side I added bpc.pse certificate to keystore.
I check ICM log on BPC side - it's clear.
Looks like Tomcat (FIM) cannot understand WebDispatcher TLS protocol.
Can you help me please?
Hello Daulet,
Since this is a new issue, you should create a new question in the community.
Anyway, the error seems to be:
received a fatal TLS certificate unknown alert message from the peer
Please verify whether this SAP WIKI page can help you.
Best regards,
Isaías
Hi Isaias, thanks for help.
I created new question in the community
https://answers.sap.com/questions/355467/connection-between-sap-fim-tomcat-and-bpc-nw-throu.html
can you look at that?User | Count |
---|---|
71 | |
10 | |
8 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.