Web Dispatcher with SSL termination for EP

Hi All,
I want to configure SAP Web Dispatcher (installed on windows) for SSL
termination scenario. I did all the configuration steps, SSL Basic,
SSL termination steps without Metadata Exchange scenario.
But , when i am trying to access the portal using "
https://<DispatcherHost>:<Port>/irj/portal", its giving page
can not be displayed error
This is how the profile file of the dispatcher looks like,
profile file **************
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 2
Accessibility of Message Servers
rdisp/mshost = <portal server>
ms/http_port = 8101
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for large scenario
icm/max_conn = 16384
icm/max_sockets = 16384
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 250
mpi/total_size_MB = 500
mpi/max_pipes = 21000
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 2000
wdisp/HTTPS/max_pooled_con = 2000
SAP Web Dispatcher Ports
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
icm/server_port_0 = PROT=HTTPS,PORT=5000
icm/server_port_1 = PROT=HTTP,PORT=0
icm/HTTPS/verify_client = 0
DIR_INSTANCE=D:\SAP_SSL\secudir
ssl/ssl_lib=D:\SAP_SSL\secudir\sapcrypto.dll
sss/server_pse=D:\SAP_SSL\secudir\SAPSSL.pse
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
profile file **************
After modifying the profile file, restarting the dispatcher gives the
following information in the command prompt,
Information in command prompt *******
D:\SAP_SSL\sapwebdisp\sapwebdisp pf=sapwebdisp.pfl
**Warning: Could not start service 5000 for protocol HTTPS on host
<hostname>" <on all adapters>
*SAP Web Dispatcher up and operational <pid: 1700>*
Information in command prompt *******
What may be problem? Did i miss out any steps ?
Please help !
Regards,
Sandip

Hi Sandip,
Please check this thread..
/thread/41459 [original link is broken]
cheers,
Prashanth
P.S : Please mark helpful answers

Similar Messages

Web dispatcher with SSL

Hi,
We have EP 6.0 SP16 paltform on win2003/oracle.
We configured SSL, so we connect using https protocol.
We have two application servers for our portal platform.
For load balancing we use SAP Web Dispatcher.
we didn't configure SSL for the host where Web dispatcher resides. So we want web dispather to convert http requests to https.
For this purpose we used parameters
icm/server_port_0 = PROT=HTTP, PORT=8003
wdisp/ssl_encrypt = 2
as said in
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
we get error:
Detail: no valid destination server available for '!ALL' rc=7
How can we solve this error ?
Best regards

Hello ..,
By defining wdisp/ssl_encrypt = 2 in your pfl file is not enough. I'm assuming you ahve missed the following steps:-
1. Install the SAP Cryptographic Library on the SAP Web Dispatcher.
2. Set the profile parameters.
3. Create the SAP Web Dispatchers PSE(s) and certificate request(s).
4. Send the certificate request(s) to a CA to be signed.
5. Import the certificate request response(s) into the PSE.
6. Create credentials for the SAP Web Dispatcher.
7. Restart the SAP Web Dispatcher.
8. Test the connection.
You need to perform all the above mentioned steps for the SSL. Please refer this link:-
http://help.sap.com/saphelp_nw04/helpdata/en/39/09a63d7af20450e10000000a114084/frameset.htm
Regards
Vaib

Web Dispatcher and SSL

Dear All,
I've configured Web Dispatcher with SSL. When I run command "sapwebdisp pf=sapwebdisp.pfl", my HTTPS service could not be started. It gives me error "WARNING: Could not start service 60000 for protocol HTTPS on host "myserver" (on all adapters)".
Any idea?
BTW, my SAP Web Dispatcher is up and running.
Rgds,
Hapizorr

HI Koti Reddy,
Below is the log from dev_webdisp. Any iddea?
trc file: "dev_webdisp", trc level: 1, release: "700"
sysno 00
sid
systemid 562 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 110
intno 20050900
make: multithreaded, ASCII, 64 bit, optimized
pid 2892
[Thr 2800] started security log to file dev_icm_sec
[Thr 2800] SAP Web Dispatcher running on: psahrmswd
[Thr 2800] MtxInit: 30001 0 2
[Thr 2800] IcmInit: listening to admin port: 65000
[Thr 2188] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
X.509 cert data will be removed from header [http_plgrt.c 670]
[Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist [http_adm.cpp 286]
[Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist - nothing extracted [http_adm.cpp 301]
[Thr 2188] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0
[Thr 2188] CsiInit(): Initializing the Content Scan Interface
[Thr 2188] PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 2188] CsiInit(): CSA_LIB = ".\sapcsa.dll"
[Thr 2188] *** ERROR => DlLoadLib: LoadLibrary(.\sapcsa.dll) Error 126 [dlnt.c 237]
[Thr 2188] Error 126 = "The specified module could not be found."
[Thr 2188] *** ERROR => HttpAuthHandlerInit: url: / -> failed -> content filter deactivated [http_auth.c 300]
[Thr 2188] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0
[Thr 2188] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0
[Thr 2188] =================================================
[Thr 2188] = SSL Initialization on PC with Windows NT
[Thr 2188] = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 2188] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "U:\secudir\sec\sapcrypto.dll"
 resulting Filename = "U:\secudir\sec\sapcrypto.dll"
[Thr 2188] SapISSLComposeFilename(): profile param "ssl/server_pse" = "U:\secudir\sec\SAPSSL.pse"
 resulting Filename = "U:\secudir\sec\SAPSSL.pse"
[Thr 2188] = found SAPCRYPTOLIB 5.5.5C pl24 (Jun 11 2008) MT-safe
[Thr 2188] = current UserID: PSAHRMSWD\Administrator
[Thr 2188] = found SECUDIR environment variable
[Thr 2188] = using SECUDIR=U:\secudir\sec
[Thr 2188] *** ERROR => secudessl_Create_SSL_CTX(): PSE "U:\secudir\sec\SAPSSL.pse" not found! [ssslsecu.c 1296]
[Thr 2188] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 2188] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2188] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
[Thr 2188] << -
End of Secude-SSL Errorstack -
[Thr 2188] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 2188] =================================================
[Thr 2188] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 2188] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 2800] IcmCreateWorkerThreads: created worker thread 0
[Thr 2800] IcmCreateWorkerThreads: created worker thread 1
[Thr 2800] IcmCreateWorkerThreads: created worker thread 2
[Thr 2800] IcmCreateWorkerThreads: created worker thread 3
[Thr 2800] IcmCreateWorkerThreads: created worker thread 4
[Thr 2800] IcmCreateWorkerThreads: created worker thread 5
[Thr 2800] IcmCreateWorkerThreads: created worker thread 6
[Thr 2800] IcmCreateWorkerThreads: created worker thread 7
[Thr 2800] IcmCreateWorkerThreads: created worker thread 8
[Thr 2800] IcmCreateWorkerThreads: created worker thread 9
[Thr 2832] IcmWatchDogThread: watchdog started

Configuring JMS and loadbalancer with SSL termination? Has Anyone done it?

Hi all,
I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.
Without SSL termination everthing works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL tGetting Initial context from ms01
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
ore.keystore>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 886220>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: EMAILADDRESS="[email protected] ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
Validity: [From: Fri Sep 08 11:44:28 BST 2006,
 To: Mon Sep 05 11:44:28 BST 2016]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 0131]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A&..
0010: A2 39 4C 73 .9Ls
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
 To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.200>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 272>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=0, length=2048)>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=372, length=1676)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 6771926>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 402>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 1707>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read(offset=0, length=2048)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read databufferLen 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read A returns 174>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <avalable(): 23328673 : 0 + 0 = 0>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 6771926>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 8406772>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <5618579 read(offset=0, length=2048)>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Boot
trap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at TestAllManagedServers.main(TestAllManagedServers.java:54)
Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or t
med out
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
... 7 more
o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:
When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&r
and=3018901804201457976&AS=255&HL=19 HTTP/1.1" 200 17
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=7332722597180897050 HTTP/1
.1" 200 2341
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=3415396992694182025 HTTP/
1.1" 200 17
When my request goes through the load balancer I see the following in the HTTP logs:
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&
rand=8279752507152372405&AS=255&HL=19 HTTP/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=1051450669479197885 HTTP
/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=6035654607615870287 HTTP/
1.1" 200 5
10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=8245112057388607005 HTTP/
1.1" 200 5
Notice the time delay in some of the messages.
The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:
<29-Sep-2006 16:31:43 o'clock IST> <Error> <RJVM> <BEA-000572> <The server rejected a connection attempt JVMMessage from: '266014296
868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1
:8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'C
MD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228'
probably due to an incorrect firewall configuration or admin command.>
When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:
Getting Initial context from ms01
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeySt
ore.keystore>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7860099>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
Validity: [From: Mon May 31 16:45:21 BST 2004,
 To: Thu May 29 16:45:21 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 05]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
0010: 97 C5 DD F1 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 [email protected]
0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
 To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 70>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 270>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <30340343 read(offset=0, length=2048)>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TL

You will need an AAM set with the internal (http) address.
http://blogs.msdn.com/b/ajithas/archive/2009/09/11/alternate-access-mapping-in-reverse-proxy-configuration.aspx
Dimitri Ayrapetov (MCSE: SharePoint)

SAP Web Dispatcher Configuration (SSL, certificates)

Hi all,
We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
The following access point have been specified in the profile:
Description of the Access Points
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
icm/HTTPS/verify_client = 2
Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
The Web Dispatcher returns an error upon accessing it using HTTPS:
Dispatching Error
Error: -26
Version: 6040
Component: HTTP_ROUTE
Date/Time: Tue Mar 14 07:19:38 2006
Module: http_route.c
Line: 2383
Server: sapvm1_DVS_26
Detail: no valid destination server available for '!ALL' rc=13
Any help would be highly appreciated. Thanks!
Frodo

Hi KS,
Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
All is working now.
Frodo

Client authentication in PI when SAP Web dispatcher terminates SSL

PI Security Experts,
Here is our design for Third-party Peoplesoft system initiating SOAP Call to PI Web Service created on our PI server.
1) Third-party Peoplesoft Application server initiates a SOAP call.
2) Third-party Network Gateway has a URL server certificate from our gateway and our gateway server has a root certificate from the CA used by third-party gateway. this will be used to establish the SSL tunnel between gateway.
3) SOAP request in our network will be routed through load balancer to SAP web dispatcher.
4) SAP web dispatcher terminates SSL connection
5) We will generate client cert for authentication and pass it onto third-party which they will load onto their PeopleSoft application server. SOAP call initiating from the PeopleSoft server will pass the client cert along with the message (My understanding is that the client cert will not be a part of SOAP message body. Ina other words we are not implementing message-level security. Is that true? How will the client cert be passed? How and where will a client attach the client cert with message?My understanding is that this is a network layer security and client certificate will be authenticated on PI J2ee server at SSL protocol level..Is my understanding correct?)
6) We will also load client certificate generated for client onto J2EE server using Visual Admin and map it to PI user for authentication.
7) SAP web dispatcher terminates SSL and passes the SOAP message to PI (J2EE) along with client cert in a http header variable.
There is some conflicting SAP documents. some say that client cert can't be used for PI authentication if Web Dispatcher terminates SSL connection (http://help.sap.com/saphelp_nw04s/helpdata/en/ea/301e3e6217b40be10000000a114084/frameset.htm). There is some other documents that say that authentication using client cert is possible by having J2EE trusting Web Dispatcher and by passing client cert from Web Dispatcher to J2EE in a httpheader variable (http://help.sap.com/saphelp_erp2005/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm).
Now if client cert authentication is possible even if Web dispatcher terminates SSL, what cert do we need on J2EE, a cert from Web dispatcher or a client cert that's coming in from the client appication (the one that we created and provided to our third-party)?
If we install a cert from web dispatcher on J2EE then do we need a client cert on Web dispatcher instead of on J2EE? If so how and where do we map client cert to PI User?
I will really appreciate any advise on whether we are going down the right path and any pointers to my questions.
Thanks,
Saurabh

Hi,
May be below links will be helpful
Check the following links.. you will get the information all about the securities...
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Also find soeminformation in these links
http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Step by step guide for SSL security
step by step guide to implement SSL
Please go through below link for referance (above information is from below link)
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
General guide
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
Message level security
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Regarding message level you can encrypt the message using certificates.
For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
Thanks
Swarup

Consume Web Service with SSL

Hi expert!!!
I have a problem!!
I need consume a web service with ssl autentification in PI to call from SAP.
That web services is of AFIP (Argentina ).
i don`t know how do that!!
How and where configure the certificate for signature??
Thxz in advance!!!
Sorry my bad english..

thxz for all!!!!1
I will be to resume my problem
i need sign xml file with a certificate!!1
i have xml file build in ABAP, i try do with openssl in windows or unix to sign with private key file and certificate file .Crt
that generate a new file with sign, i put this in other web service and work....
i need do that in abap or pi..... i abap i could create xml file, but i can`t execute open ssl.....
thxz for u help!!!

Importing external web service with SSL certificate security

Hello,
I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments Thread[ModalContext,6,main]]
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
          at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
          at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
          at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
          at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
          at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
          at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
          at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
          at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
          at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
          at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
          at sun.security.validator.Validator.validate(Validator.java:218)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
          ... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
          at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
          ... 21 more
Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
Cheers!

Hi Alain,
I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

CRM_UI Reporting - HTTPS Terminating at Web Dispatcher or SSL all the way

Hi,
We need to set up access to crm_ui reports (leads and marketing mainly) in CRM 7.0 for vendors coming from the internet. The CRM server is in the internal network. In order for this to work I plan to setup the web-dispatcher in the application dmz. The initial login is going to be via the web dmz layer (using sun's iplanet server), which then routes the crm URL to the web dispatcher in the App dmz and then from the web dispatcher to CRM server.
One requirement from our security team is to set up the flow as HTTPS.
On going through SAP help I get the impression that it can be set up two ways, one, configuring web dispatcher to pass the SSL connection to backend, & two - configuring the web dispatcher to terminate SSL.
Seems the former is quite straight forward (from SAP online help we have to set the icm/server_port_<xx>> = PROT=ROUTER) but does it also require that we setup the crm_ui_frame service as SSL and activate the HTTPS service in ICM?
Or is it better to go via the second option (HTTPS termination) without changing the backend setup? SAP Online help lists steps to do the HTTPS termination but I have not come across any detailed documentation for the first method.
Any thoughts, suggestions will be helpful for either scenario.
Thanks,
Rommel Bhan

Thanks Martin the document helped.
Now the web dispatcher seems to talk to the HTTPS port on the backend.
However there is one issue I see in the dev_webdisp and was wondering if you have an insight.
Based on webdispatcher parameters, its taling to ms_https_port 8533 of backend
[Thr 773] Mon Feb 15 15:03:35 2010
[Thr 773] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 773] SecudeSSL_SessionStart: SSL_connect() failed --
[Thr 773] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 773] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 773] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
[Thr 773] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE"
[Thr 773] ERROR in get_path: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] << -
End of Secude-SSL Errorstack -
[Thr 773] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 773] SSL NI-sock: local=10.104.146.81:62579 peer=10.104.146.81:8533
[Thr 773] <<- ERROR: SapSSLSessionStart(sssl_hdl=110acb850)==SSSLERR_SSL_CONNECT
[Thr 773] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 1911]
[Thr 773] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx_mt.c 5976]
[Thr 773] *** ERROR => Could not connect to SAP Message Server at sapcms02. URL=/msgserver/text/logon?version=1.2 [icrxx_mt.c 3289]
[Thr 773] *** ERROR => rc=-1, HTTP response code: 0 [icrxx_mt.c 3290]
[Thr 773] *** ERROR => see also SAP note 552286 [icrxx_mt.c 3291]
My backend is setup with SSL and web dispatcher is set to the following. Also since the backend and sapweb dispatcher are on the same host, using the same sidadm, the SSL stuff is on one location. I generated the SAPSSLS.pse in the backend using STRUST
Accessibility of Message Servers
rdisp/mshost = sapcms02
ms/http_port = 8100
ms/https_port = 8533
wdisp/server_info_protocol = https
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=ROUTER,PORT=60000
icm/server_port_1 = PROT=HTTPS,PORT=0
icm/server_port_2 = PROT=HTTP,PORT=8080 <-- web dispatcher admin port
#SSL parameters similar to one in backend
ssf/ssfapi_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
sec/libsapsecu = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssf/name = SAPSECULIB
ssl/ssl_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssl/server_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLS.pse
ssl/client_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLC.pse

Web Dispatcher with Windows Intgrated Authentication

Hello,
We are setting up the relay of Browser ==> IISProxy ==> Web Dispatcher ==> Cluster. We plan to use Windows Integrated Authentication and terminate the SSL connection at the IIS. We are wondering how smoothly this will go as we have read differences in the order between IISProxy and WebDispatcher (in these forums) and have found nothing on the combination with SSL. I assume that the IISProxy will encrypt, authenticate, provide the cookie and then forward the request to the Web Dispatcher for further routing to the cluster.
Needless to say, has anyone done this successfully? Can anyone provide information, warnings, caveats, etc... so that we can decide to use the Web Dispatcher or another software-based NLB solution. We understand the technical benefits - especially in an SAP shop, but if there are richer features for authentication in latter releases we may consider putting it on hold and going with a known solution.
We have seen some appliances that can perform the SSL termination, 3rd party authentication, etc, etc,... are there any plans for the Web Dispatcher to be able to perform the authentication with windows (NTLM or Kerberos)?
All of the other features are grat and a breeze to work with however authentication on the MS domain is a must here and it may be the missing functionality.
Thanks and kind regards,
Judson

Hi Judson,
currently there is no plan to enhance web dispatcher into that direction. Instead we started to work together with network technology providers to offer the funtcionality of web dispatcher together with additional security and authentication stuff.
network is not our business, so there are no plans to boldly go into that direction. Because of that such combinations like authentication with wd are sometimes hard to do.
If you want a tip for the future I'd say, what you will see is boxes that have everything in there and two plugs for the internet and the sap network -everything else (firewalls, authentication, load balancing with automatic recognition of the sap cluster) would be in the box.
Regards,
Benny

Web Dispatcher and SSL on ABAP+Java

Hello,
Have installed SAP web dispatcher on WAS 6.40 ABAP+Java system. Communicating with Portal SP16 system.
The HTTP works fine. Have not been able to get SSL working with web dispatcher.
For troubleshooting activated ITS on this system and HTTPS works fine with ITS webgui.
Have followed the "how to" SSL for web dispatcher guide.
Also should mention that we have generated certificate requests and PSE's but our organization has not yet chosen a certificate authority to sign the cerficates. For other scenarios (log onto Portal, XI, etc) the only difference is the certifcate warning dialog, otherwise works fine. Would this cause a problem for Web Dispatcher?
Trying the SSL end to end scenario receive
WARNING: Could not start service 0 for protocol HTTPS on host "max-sap" on all adapters
Is there anything
unique for the ABAP+Java configuration?
Thanks,
Alan

I solved this problem by setting the following profile parameter on my webdispatcher profile.
wdisp/ssl_ignore_host_mismatch = true
Doesn't fix the underlying problem but got me going until I can figure it out.

Problem with Web Dispatcher with Double Stack

We have the latest version of Web Dispatcher - 7.0 with latest patch.
I'm having a problem where I am trying to use the web dispatcher for load balancing in a double stack (ABAP/JAVA) system. The person who did the install pointed the installation to the wrong server (which I assume can be easily changed in the profile). However, on the page where it indicates to activate the SICF services he left the box unchecked (but I checked that necessary ones were activated per note 552286). I now get these kind of errors when pointing to the http message server on a different system (he installed it assuming it was just for portal (java):
[Thr 5] *** ERROR => ICP_StructValue: illegal struct reference: wdisp_host_info.capacityIsFi
xed [icpvalue_mt. 257]
[Thr 5] *** ERROR => caught ICP exception (eval): ICP_StructValue: illegal struct reference:
wdisp_host_info.capacityIsFixed [icpvalue_mt.cpp 257] [http_adm_mt. 1488]
I get the above error when I go to "monitor server" groups in the web dispatcher admin console.
Here is my profile:
SAPSYSTEMNAME = PW4
SAPSYSTEM = 01
INSTANCE_NAME = W01
DIR_CT_RUN = $(DIR_EXE_ROOT)/run
DIR_EXECUTABLE = $(DIR_CT_RUN)
Accesssability of Message Server
rdisp/mshost = <fully qualified hostname>
ms/http_port = 8101
Configuration for medium scenario
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=81$$
Any insight is greatly appreciated!!

Hi,
I've never seen this error but some thing seems strange to me :
You use the same port (8101) for the listening port of the web dispatcher and the listening port of the message server of you back office system.
Is it really the case ?
Is PW4 the SID of you web disptcher ?
Is SAPSYSTEM = 01 the sysnr of your web dispatcher ?
I hope that the info of the web disptcher is not mixed up with the back office info ?
Regards,
Olivier

OHS - Webserver SSL Termination for EPM

Gurus,
Could you please help me with the instructions to setting up the EPM environment as SSL (web server termiantion at OHS.)
I am done wih the installing an configuring all of the EPM products and now I need to enable the SSL at OHS.
I have reviewed the document but I am getting confused with all kind of setups. Do you have any detailed steps or point to me something ( other than Oracle documentation )?
Thank you in advance !
Edited by: 945478 on Aug 9, 2012 5:24 AM

Hello,
Check this URL, I have uploaded a document which can help you with terminating SSL at web server.
http://www.scribd.com/doc/102533508/Implementation-Steps
Thanks.

Simple steps to set up SAP Web Dispatcher and SSL

Hi,
Could someone please provide simple steps explaining how to configure the SWD to communicate using end-2-end SSL with an XI server? The J2EE engine is listening on port 50001 for HTTPS requests. I have verified SSL is fine through direct connectivity.
Also our SWD now works fine with HTTP.
Could someone explain the following:
1. What parameters must I specify in the SWD profile file?
2. Do I have to add any parameters via RZ10 to the instance profile?
3. Do I have to create and activate an HTTPS service via SMICM?
4. Do I have to activate any internet services via SICF?
Thanks

Hi Eddy,
Sorry just got round to checking on this. The documentation you point to here is what we used as the basis for our setup.
We are attempting to use End-2-End SSL and did modify the SWD profile accordingly. It does not work however. If I connect via SSL directly to the J2EE server it works fine. Also connecting via HTTP thru the SWD works as well.
We are unsure as to whether there is something (parameters, service, etc.) that we have to set up via SMICM and/or RZ10 to enable SSL on the ICM? Or even whether that is necessary.
Ideally what I'd like is if someone can explain step-by-step what needs to be set up in the ABAP stack/message server that would be great.
Thanks
Brian

Web site with java benchmarks for various cpus?

Is there a web site that shows java benchmarks run on various P4 and AMD cpus, so that it is possible to see the relatively speed at which java runs on these cpus?

You'll find a few if you search around, but none will be meaningful. The problem with Java, or any other Virtual Machine type runtime language is you can not design a benchmark that really has meaning, in any context but the benchmark itself. First off, you're not benchmarking "Java" you're benchmarking the "JVM". I try to convince people to not waste so much time on these speed issues. Your time would be better learning how to write better code, which would give a much bigger speed increase then switching from a P4 to an Athlon. Developers often make mistakes and oversites in their work that slows a program down by an order of magnitude. You're never going to see that kind of performance difference in CPUs. So get a good deal on machine, the most "bang-for-your-buck" if you will, and go to town, and stop worrying, hotspot is fast.
Sparc Chips are different story because a little thing called register coloring... but you didn't mention sparc chips, so I won't tell the story.
Spinoza

Web Dispatcher with SSL termination for EP

Similar Messages

Maybe you are looking for