cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS configuration

Go to solution
Former Member

on ‎07-20-2016 12:29 PM

0 Kudos

Hello Experts,

I have activated HTTPS in my ABAP system recently and I could see that HTTP and HTTPS are enabled in my system using transaction smicm --> Go to --> services.

And one of my Webdynpro Application configured as a service in SICF transaction.

Before we activated HTTPS, one of the webdynpro application uses only HTTP and it was working well.

But after activation of HTTPS, this application first open in SAP http://<saphost:8000>/sap/bc/webdynpro/app 

and then automatically it routes to HTTPS in webbrowser.  https:////<saphost:443>/sap/bc/webdynpro/app

We get the SSL certificate error after opening https.

My questions are:

1. Can we disable only this particular application not to route to HTTPS whenever there is a http request for this application.

2. What are all the different ptions to solve SSL certificate error? fyi. this application is used by many people across the world.

Regards,

Eswaran

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member182967
Active Contributor
‎07-20-2016 2:53 PM
0 Kudos

Hi Karthick,

If you want to disable HTTPS for particular web service, then try to switch protocol to HTTP with the following method.

1. Double click the specific web service under /sap/bc/webdynpro/app

2. In tab Error Pages, click Configuration in system logon.

3. Select Do Not Switch in Protocol of Actions During Logon area.

Regards,

Ning

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎07-22-2016 1:40 PM
0 Kudos

Thank for everyone who answered to this Thread.

I have got the solution for both the questions.

1. HTTP to  HTTPS switch happens by default in any webservices configured in the system.

This can be disabled as explained by Ning Tong.

2. Solving the certificate error in client Browser

  a. Create certificate Request and send it to CA. Import the Signed Certificate to SAP.

  b. The tricky part is to create a Trust Center in STRUST and go to Certificate --> Database --> and add your customer namespace for Root Certificate Import.

  c. Then export the root certificate to this customer CA

after this when I tested in browser it worked. the above step is documented by SAP.

Thank you again. Have a nice and bugfree weekend.

Show replies
Show replies
Johan_sapbasis
Active Contributor
‎07-20-2016 12:56 PM
0 Kudos

Hi,

Now you will have to add an SSL sertificate to your strust. Then you will need to restart the ICM service and the error will go away. Who is your organizations CA cert provider? Maybe you have one internally?

The behaviour you are describing is standard.

You if you SSL is not going outside of the company you can also generate your own SSL cert for internal network use.

Follow note:

510007 - Setting up SSL on Application Server ABAP

For troubleshooting:

2181120 - Tracing and troubleshooting security events in http communication with the AS ABAP

For logging OSS to SAP:

1799620 - Logs required for analysis of SSL related issues.


Kind Regards,


Johan

Show replies
Show replies
Former Member
‎07-20-2016 1:11 PM
0 Kudos

Hi

Please go through below thread and wiki

Webdynpro should use HTTPS | SCN

Troubleshooting Guide - How to troubleshoot the SSSLERR_PEER_CERT_UNTRUSTED (peer certificate (chain...

Regards

Prithviraj

Former Member
‎07-21-2016 10:15 AM
0 Kudos

Hello Nicolaas,

Can you please let me know, which type of Certificate to be imported in to SAP System for SSL Handshake.

And what is the extension of this certificate.

CA Authority in my company has created the SSL certificate but when I try to import it in to my system, I get the error. Certificate can not be imported.

So it looks like there is a problem with the type of the certificate created by our Internel CA.

Thank you.

Regards,

Eswaran

Johan_sapbasis
Active Contributor
‎07-21-2016 6:06 PM
0 Kudos

Hi,

Did you create the certificate request from your PSE and then send that to them?

From there they will in turn then have to send you a certificate based on the request as a reply.

Follow How to Switch to HTTPS Transport Layer Security | SCN

Kind Regards,

Johan

Ask a Question