cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL configuration requirement

Go to solution
Former Member

on ‎01-07-2015 1:57 PM

0 Kudos

Dear Folks,

Assume that I have web-dispatcher (ABC server) and ECC system (XYZ server) or JAVA systems(PQR) with multiple application servers.

I want to enable end users to use Webdynpro ABAP application or SAP GUI for HTML or simply JAVA servers access (like EP for JAVA applications). Here load balancing (by the virtue of reverse Proxy) is done using web-dispatcher.

I am considering SSL configuration for secured communication.

Question:

Do I need to apply SSL certificate on Web-dispatcher only; or on each backend server; or on both(web dispatcher and backend) ?

Is it possible that I only apply SSL on web-dispatcher and end users access ABC server and requests gets routed to backend (XYZ or PQR) server and still my security requirement is fulfilled?

I have seen that organization apply SSL on reverse proxy server (apache or web-dispatcher) and on backend systems also.

Is it required to meet security need ?

Regards,

Arthur Rodrigues

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

TomXing
Contributor
‎01-09-2015 8:37 AM
0 Kudos

Hi Arthur,

Please see below help doc:

SAP Web Dispatcher and SSL - SAP Web Dispatcher - SAP Library

HTTPS - HTTPS definitely works 'in secure way'.

HTTPS - HTTP, I think URL rewriting (not redirecting) will also meet the security needs.

BR, Tom

Show replies
Show replies
Former Member
‎01-09-2015 10:40 AM
0 Kudos

dear Tom,

"HTTPS - HTTP, I think URL rewriting will also meet the security needs"

so does that mean : Apply SSL on webdispatcher and then only rewrite it to http://backendserver.domain.com/webdynproapplication and it shall communicate data secure way over internet? is it that we need not buy wildcard ssl certificate; only normal ssl certificate will do. ?

Regards,

Arthur Rodrigues

TomXing
Contributor
‎01-11-2015 4:44 AM
0 Kudos

Hi Arthur,

Afaik it is possible to hide the http traffic behind one single entry point (WDP).

But I'm afraid it requires not only URL rewriting from WDP.

Think about the situation where EP might return a URL of ABAP or EP itself with intranet URL.

On Java side, you need to set proxy mappings

Configuring Reverse Proxy Servers - Administration - SAP Library

If you have PI Java, there'll be additional settings for PI apps.

I'm not very familiar with ABAP side. Perhaps you need to look into HTTPURLLOC.

In this scenario, HTTPS is only between browser and WDP. Hence you should not need other SSL certificates.

BR, Tom

Former Member
‎01-12-2015 4:52 AM
0 Kudos

thanks Tom,

WDP can be used for reverse proxy so I think after that if I apply SSL then it shall serve the purpose.

your answer solves my query. apply SSL on webdispatcher and configure the webdispatcher for reverse proxy also . this will in total get my incoming/outgoing traffic secured.

Regards,

Arthur

Answers (0)

Ask a Question