Skip to Content
avatar image
Former Member

Metadata Exchange Using SSL SAP Webdispatceher

Team

We are building a webdsip in DMZ to communicate with PI systems(distributed enviroment) internally. I have few questions on this subject

     1. Internal PI systems already running with Web dispatcher. will it have any other impact if we use another webdisp in DMZ ?

     2. Gone through different links in sdn/help.sap.com on END2END and Decrypt/Encryt method. We were trying to mimic this option with the internal Webdisp before we approach in DMZ.

          2.1 Activated https on Message server and its up and running (ASCS running on different host as we have distributed environment)

          2.2 Activated https on webdisp and now we can login to webdisp on https port (self signed certificate)

Confusion is on the certificates part as we have ssl/server_pse and ssl/client_pse part. Please note we are not going with CA to sign the server certificate and we have only use the untrusted self signed certificates on the both Message Server/Webdisp. Keeping in this mind, can you tell me how do i need o approach on PSe part. How i will import PSE of Wedispatcer in Message server or vice versa ?

Do we need to get the certificates from application server (https is also enable in underlying application servers) ?

Please guide me the correct approach for the above questions.

Thanks

Umesh K

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Apr 19, 2013 at 04:03 PM

    Hello Umesh,

    You questions regarding the certificates on Web Dispatcher, Message Server and application server side should be answered here:

    http://help.sap.com/saphelp_nw73/helpdata/en/48/86c931e22c3912e10000000a42189b/content.htm?frameset=/en/48/8fe37933114e6fe10000000a421937/frameset.htm

    Specifically in this section:

    "The SAP Web Dispatcher must be able to accept the server certificates from the message server and from the application server. To ensure they are, the certificate authorities (CAs) from the server certificates must be contained as "trusted CAs" in the SSL client PSE of the SAP Web Dispatcher."

    Best regards,

    Tobias

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      All I got the solution and it worked.. I just exported the own certificates of c/s and app server and imported into webdisp client pse (maintain_pk) and worked..

      Thanks to all

      Umesh K