We have configured a external facing webdisp in dmz with a different domain name.

Webdisp -webdisp.external.com( signed certificate )

Fiori Server -frontend. Interal.com

Backend – backend.internal.com

When I connect usingFiori URL form frontend, everything works as it suppose to be.

When I connect from webdisptcher URLand run a webgui tile it says“backend.internal.com”dns entry not found. The backend and Frontend is not exposed to internet and only webdisp is exposed.

I am not sure why its asking backend url. It seems it not forwarding the x 509.But I changed to ssl encrypt =0 still no luck.

For a change I tried all domain names same but from external site it says backend host name not found.

My profile

wdisp/system_0 = SID=FIO, NR=00, MSHOST=frontend.internal.com , MSPORT=8101, SSL_ENCRYPT=1, SRCSRV=*:*, SRCURL=/sap/bc/ui5_ui5/;/sap/bc/ui2/;/sap/bc/lrep;/sap/opu/odata;/sap/bc/nwbc/;/sap/public/;/sap/bc/bsp;/sap/saml2

wdisp/system_1 = SID=S4H, MSHOST=backend.internal.com , MSPORT=8101, SSL_ENCRYPT=1, SRCSRV=*:*, SRCURL=/sap/public/;/sap/bc/webdynpro/;/sap/es/;/sap/bc/;/sap/bw/ina;/sap/bw/Mime/DS/Content

icm/HTTPS/verify_client = 1

wdisp/ssl_encrypt = 2( tried 0 / 1)

wdisp/ssl_auth = 1

wdisp/add_client_protocol_header = 1

wdisp/ping_protocol = https

icm/HTTPS/verify_client = 1

wdisp/system_conflict_resolution = 1

I have exchanged all the required certificates but still having problem. I have not configured the client certificate user mapping using CERTRULE. Do I need to do that? How can I bypass that and still have https working?

What is that I am still missing.