How to Configure SAP Web Dispatcher to Forward SSL Certificates for X.509 Authentication
Summary of Necessary Configuration Steps –
@Web Dispatcher:
– SAPSSLS.pse has to be signed by a trusted certificate authority.
– Certificate of certificate authority that signs client certificates has to be imported in list of trusted certificates in SAPSSLS.pse.
– icm/HTTPS/verify_client must not be set to 0.
– icm/HTTPS/forward_ccert_as_header must not be set to FALSE.
@Backend system – application server:
– Certificate in SAPSSLC.pse of Web Dispatcher (or its CA certificate) has to be imported in list of trusted certificates in SAPSSLS.pse of application server.
– icm/HTTPS/verify_client must not be set to 0.
– Certificate in SAPSSLC.pse of Web Dispatcher has to be added to list of trusted reverse proxies in icm/trusted_reverse_proxy_<xx>.