Purpose
This document explains how to configure the SAP Web Dispatcher to trust the backend systems based on their SSL certificates.
Overview
The SAP Web Dispatcher currently does not trust the application servers and, as a consequence, is not able to forward the received HTTP request to the application server.
To establish an SSL connection, the client has to trust the server. Here the Web Dispatcher acts as the client and the application server as the server. The client checks whether the server can be trusted by comparing the server’s SSL certificate and the certificates in its certificate chain to a list of configured certificates that can be trusted. If the server offers a certificate that is not in this list, and the certificates of its root CA and intermediate CAs are not in this list either, the client will not trust the server and will abort the SSL handshake.
Browsers have to deal with this issue, too. But all browsers are delivered with a predefined list of trusted root CAs. Because of this, a browser trusts all servers with a certificate that has been signed by one of the major root CAs.
The list of trusted certificates of the Web Dispatcher is initially empty for security reasons. It is the administrator's task to configure the list of trusted endpoints manually.
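The trust check described above can be reproduced offline with OpenSSL standing in for the Web Dispatcher's trust list. This is an added example, not part of the original document or of SAP's tooling; the CA name, host name and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for the Web Dispatcher's trust list.
# "Demo Root CA" and "backend.example.test" are constructed names.

# make_demo_pki DIR: create a root CA and a backend certificate signed by it.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=backend.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.crt" 2>/dev/null
}

# trusts_backend CERT [TRUSTFILE]: succeed only if CERT chains to a
# certificate in TRUSTFILE. Without TRUSTFILE the trust list is empty,
# which is the initial state the text describes.
trusts_backend() {
    if [ -n "${2:-}" ]; then
        openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -no-CApath -no-CAfile "$1" >/dev/null 2>&1
    fi
}

# demo: report the verdict before and after the issuing CA is trusted.
demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || { rm -rf "$work"; return 1; }
    if trusts_backend "$work/srv.crt"; then before=trusted; else before=rejected; fi
    if trusts_backend "$work/srv.crt" "$work/ca.crt"; then after=trusted; else after=rejected; fi
    rm -rf "$work"
    echo "empty trust list: $before; issuing CA imported: $after"
}

demo
```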
SAP Web Dispatcher SSL Trust Configuration
Click the following link to see how to configure it: WebDispatcherSSLTrustConfiguration.pdf
Note: although the document refers to ABAP backend systems, the same procedure works for Java backend systems.
Related Content
Related Documents
Managing PSE files at the Web Dispatcher
Related SAP Notes/KBAs
SAP KBA 2160678: SSO stops working when configuring the "icm/HTTPS/trust_client_with*" parameter