As per SAP best practice, if we configure our SAP systems to be accessed from the Internet or from an external network via SAP Web Dispatcher, we should implement an SSL/HTTPS certificate to secure the Web Dispatcher and the internal network.
All traffic from outside is then processed only over the SSL layer, which also secures our SAP systems.
To implement a new SSL/HTTPS certificate or renew an existing one, you need to purchase it from a third party (e.g. Go Daddy).
They will provide the SSL certificate in different formats, e.g. pfx or crt.
The CRT file can be imported directly into an SAP ABAP or Java system (STRUSTSSO2); make sure the HTTPS protocol is enabled on that system.
For the Web Dispatcher, we require a PSE file, which can be generated from the provided PFX file by following the steps below.
Prerequisite: the Web Dispatcher should be running with the HTTPS protocol enabled.
1. Get the PFX certificate, with its password, from the vendor (e.g. Go Daddy).
2. Copy the PFX certificate to any directory on the Web Dispatcher host.
Run the following commands from the same directory to generate the PSE file from the PFX file:
#sapgenpse import_p12 -p /usr/sap/SID/W00/sec/DIR NAME/SSL.pse /usr/sap/SID/W00/sec/DIR NAME/SSL_Godaddy.pfx (press Enter)
Enter the encrypted password shared by the vendor.
Please enter PSE PIN/Passphrase: (leave blank)
#sapgenpse seclogin -p /usr/sap/SID/W00/sec/DIR NAME/SSL.pse -x password by vendor -O sidadm (press Enter)
SSL.pse has now been generated in the same directory from which you ran the commands.
Maintain the following profile parameters and restart the Web Dispatcher:
SSL_ENCRYPT = 1
ssl/ssl_lib = kernel dir/libsapcrypto.so
ssl/server_pse = /usr/sap/SID/W00/sec/DIR NAME/SSL.pse
Also maintain the CIPHERSUITE parameters and other SSL parameters as per your requirements.
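A pre-restart check of the three profile parameters listed above, as an added example that is not part of the original post or of any SAP tool. The function names are hypothetical, and the rule that the PSE must have no group or other permission bits is this example's own assumption.

```shell
#!/bin/sh
# Added example: audit the SSL settings the post says to maintain
# in the Web Dispatcher profile before restarting.

# Print the value of profile parameter $2 from file $1 (last entry wins).
# Commented-out lines do not match because the name is anchored at line start.
wd_get_param() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if every check passes, 1 if any fails, 2 if the profile is unreadable.
check_wd_ssl_profile() {
    profile=$1
    rc=0
    [ -r "$profile" ] || { echo "FAIL: cannot read $profile"; return 2; }

    enc=$(wd_get_param "$profile" SSL_ENCRYPT)
    [ "$enc" = "1" ] || { echo "FAIL: SSL_ENCRYPT is '$enc', expected 1"; rc=1; }

    lib=$(wd_get_param "$profile" ssl/ssl_lib)
    if [ -z "$lib" ] || [ ! -f "$lib" ]; then
        echo "FAIL: ssl/ssl_lib missing or not a file: '$lib'"; rc=1
    fi

    pse=$(wd_get_param "$profile" ssl/server_pse)
    if [ -z "$pse" ] || [ ! -f "$pse" ]; then
        echo "FAIL: ssl/server_pse missing or not a file: '$pse'"; rc=1
    else
        # Assumption of this example: the PSE imported from the PFX holds
        # the private key, so group and other permission bits must be clear.
        mode=$(ls -ld -- "$pse" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "FAIL: $pse is accessible to group/other ($mode)"; rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $profile"; fi
    return "$rc"
}
```

Call it as check_wd_ssl_profile with the path of the Web Dispatcher profile file; values containing spaces, such as the DIR NAME placeholder, are handled.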