cancel
Showing results for 
Search instead for 
Did you mean: 

purchasing 2 certificates for SSL ( EP7.0 on MSCS)

Former Member
0 Kudos

Dear Gurus,

I installed EP 7.0 sr3 on MSCS.

So do we need to purchase 2 certificates for SSL.( node1 and node2).

Do I need to install the Certificate for client and server.

Can any body provide the solution

Regards

Rao.

Edited by: Rao on Jun 22, 2009 12:45 PM

Edited by: Rao on Jun 25, 2009 8:38 AM

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Rao,

Create a single certificate issued to the Load Balancer URL(since you are using a cluster) and import the certificate in both the nodes.

Revert if this is unclear

Regards

niklas_gussek
Explorer
0 Kudos

Hi Rao,

I think as long as the certificate is from a trusted CA, you just have to install the certificate on the servers.

Best regards,

Niklas

Former Member
0 Kudos

Thans for reply

My questions is do I need to bie 2 Certificates for 2 systems(SAP MSCS)

Node1 and node2.

Do I need to install the CA on both the nodes.

Regards

Former Member
0 Kudos

Hi Buddy,

Do throw some light on the architecture of your landscape. Without a clear picture of that it would be difficult coming up with answers.

From what you have posted, I understand that you have 2 nodes on MSCS. I guess you would also have a web dispatcher installed ahead of these 2 nodes to take care of load balancing and other tasks. I think if you install the SSL certificate on the dispatcher node and then choose either to have end to end SSL or terminate the SSL there itself.

If you havent already seen this, do have a look at this link

http://help.sap.com/saphelp_nw70/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm

Thanks,

GLM

Former Member
0 Kudos

Thanks for reply

Now I will explain in detail

I have installed EP 7(netweaver 2004s) on windows 2003 With DB2.

This is installed on MSCS.

In node1 (Is having CI) and Node having Dialog instance.

In the same node1 I installed Web Dispatcher 7.00.

I follwed the note number 834184 to install Web dispatcher.

installation finished..

if run the url http://virtualnetworkname:8206

these are the parameters I have given in wd.pfl

#--- Instance specific parameters

SAPSYSTEMNAME = <SID>(the same sid of central instance)

INSTANCE_NAME = W05

SAPSYSTEM = 06

SAPGLOBALHOST = <virtulanetworkname)

SAPLOCALHOSTFULL = <fully virtual network name)

  1. Example: SAPLOCALHOST=vwdisphost.sap.com

SAPLOCALHOST = <virtual networkname>

#--- SAP Web Dispatcher-specific parameters

icm/server_port_0 = PROT=HTTP, PORT=8206,TIMEOUT=30,PROCTIMEOUT=600

rdisp/mshost = <hostname of node1>

ms/http_port = 8100

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin

-


it is connecting to node1.

if I run sapwebdisp pf=/usr/sap/wd -checkconfig

giving error

sapwebdisp=>sapparam(2): fopenU("R:\usr\sap\wd","r"): Permission denied

Checking SAP Web Dispatcher Configuration

=========================================

maximum number of sockets supported on this host: 8192

Server info will be retrieved from host: : with protocol: http

Checking connection to message server...

ERROR: Connection to message server failed: NIESERV_UNKNOWN

I am pasting dev_webdisp also

[Thr 3680] started security log to file dev_icm_sec

[Thr 3680] SAP Web Dispatcher running on: fully quilified virtual webdispatcher hostname

[Thr 3680] MtxInit: 30001 0 2

[Thr 3680] IcmInit: listening to admin port: 65000

[Thr 3680] IcrCoreInitSessionTable: Session table initialized

[Thr 6792] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary

X.509 cert data will be removed from header [http_plgrt.c 743]

[Thr 6792] *** WARNING => HttpAdmHandlerInit: archive
virtualwebdispatchername\sapmnt\<SID>\SYS\exe\run/wdispadmin.SAR does not exist [http_adm.cpp 290]

[Thr 6792] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist - nothing extracted [http_adm.cpp 305]

[Thr 6792] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0

[Thr 6792] CsiInit(): Initializing the Content Scan Interface

[Thr 6792] PC with Windows NT (mt,unicode,SAP_CHAR/size_t/void* = 16/64/64)

[Thr 6792] CsiInit(): CSA_LIB = "
virtualwebdispatchername\sapmnt\<SID>\SYS\exe\run\sapcsa.dll"

[Thr 6792] *** ERROR => DlLoadLib: LoadLibrary(
virtualdispatchername\sapmnt\<SID>\SYS\exe\run\sapcsa.dll) Error 126 [dlnt.c 237]

[Thr 6792] Error 126 = "The specified module could not be found."

[Thr 6792] *** ERROR => HttpAuthHandlerInit: url: / -> failed -> content filter deactivated [http_auth.c 319]

[Thr 6792] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0

[Thr 6792] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0

[Thr 6792] Started service 8206 for protocol HTTP on host "fully virtualwebdispatchername"(on all adapters) (processing timeout=600, keep_alive_timeout=30)

[Thr 3680] IcmCreateWorkerThreads: created worker thread 0

[Thr 3680] IcmCreateWorkerThreads: created worker thread 1

[Thr 3680] IcmCreateWorkerThreads: created worker thread 2

[Thr 3680] IcmCreateWorkerThreads: created worker thread 3

[Thr 3680] IcmCreateWorkerThreads: created worker thread 4

[Thr 3680] IcmCreateWorkerThreads: created worker thread 5

[Thr 3680] IcmCreateWorkerThreads: created worker thread 6

[Thr 3680] IcmCreateWorkerThreads: created worker thread 7

[Thr 3680] IcmCreateWorkerThreads: created worker thread 8

[Thr 3680] IcmCreateWorkerThreads: created worker thread 9

[Thr 3492] IcmWatchDogThread: watchdog started

[Thr 6384] Mon Jun 29 18:21:00 2009

[Thr 6384] *** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 4 / sock 32876

(SI_ECONN_REFUSE/10061; I4; ST; iaddressofnode1:8100) [nixxi.cpp 2823]

[Thr 6384] *** ERROR => Connection request from (-1/65535/0) to host: hostnamenode1, service: 8100 failed (NIECONN_REFUSED) [icxxconn.c 2738]

[Thr 6384] *** ERROR => IcmConnClientRqCreate() failed (rc=-8) [icrxx.c 5284]

[Thr 6384] *** ERROR => Could not connect to SAP Message Server at hostnamenode1. URL=/msgserver/text/logon?version=1.2 [icrxx.c 2634]

[Thr 6384] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c 2635]

To configure Web dispatcher do I need SSL.

Please can You check this.

Regards

Can I install Web Dispatcher on the same server(node1) or I have to install Web dispatcher on the another server.