How to implement Security Using:
SAP WebDispatcher and SSL
Authentication into J2EE application (like EP) using X.509 client certificates
Swap an expired SSL certificate to a new one

Background and Requirement:
The following document will describe how the NCC portal security was implemented. This document should be used for SAP Consulting knowledge sharing purposes only. Do not distribute this to non-SAP parties as it contains sensitive information like the hostnames of our architecture.
The NCC portal infrastructure consisted of 3 servers:
Tsphl834.phl.sap.corp – Database
Tsphl845.phl.sap.corp – CI + SCS + 1 J2EE Dispatcher + 2 Server Nodes
Tsphl884.phl.sap.corp – 1 J2EE Dispatcher + 2 Server Nodes

An instance of SAP Web Dispatcher was created to run on tsphl834.phl.sap.corp to provide a single point of entry to the portal infrastructure and also load balance the traffic to the J2EE cluster evenly.

There was also a need to provide SSL communications to the end user along with Client Certificate authentication. Each end user would have a unique client X.509 certificate which would be forwarded by the browser. The following is an example.