Hi everybody,
I am trying to set up the following portal environment with SSL:
1. SAP web dispatcher connected with two backend systems: portal and erp
2. SAP enterprise portal installation abc.internaldomain.com
3. SAP ERP 6.0 EhP5 installation def.internaldomain.com with HCM Enterprise Self Services
The HCM ESS application is integrated into the portal with the external name sap-erp.externaldomain.com. The web dispatcher is connected with both backend systems via icm/HTTP/mod_ ... parameters and a filter file which dispatches the requests between the two backend systems according to their external hostnames.
The web dispatcher is reachable on the external portal name sap-portal.externaldomain.com and in addition on the external ERP name sap-erp.externaldomain.com, so it can dispatch the incoming requests to the right backend system.
The SSL connections should terminate at the web dispatcher, so an SSL server PSE file has been created with the own certificate's CN "sap-portal.externaldomain.com". For this certificate a certificate request has been signed by a CA and the certificate response was imported into the PSE.
When calling the portal installation with the URL https://sap-portal.externaldomain.com, the signed certificate is accepted by the browser and no warning or error message is displayed. But if one starts a portal-embedded ESS Web Dynpro application from the ERP system, the browser shows a certificate error because the certificate was only issued for sap-portal.externaldomain.com and not for sap-erp.externaldomain.com.
In Firefox one can define and save an exception so that the error message will not appear in further sessions. In IE8 one can choose the option to display the blocked content, but this is only possible within the same browser session.
There is an option to use subject alternative names (SANs) within one certificate for multiple hostnames, but I did not find any support for this within SAP's tools sapgenpse or transaction STRUST.
Can anyone give a recommendation on how to set up the portal-integrated HCM self-service applications with SSL and CA-signed certificates so that no error messages concerning certificates are displayed?
Many thanks in advance
Björn Tralls
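
The name check behind the browser error described in the post, as an added example that is not part of the original post or any SAP tool: it reports which external hostnames a server certificate does not cover. The function names, the SAN list and the wildcard entry are constructed for illustration; only the two hostnames and the CN come from the post.

```python
# Added illustration: RFC 6125-style hostname matching against a certificate's names.

def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS name comparison.

    A wildcard is honoured only as the complete leftmost label, covers exactly
    one label, and is rejected when fewer than two labels follow it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(cert_cn: str, cert_sans: list, hostnames: list) -> list:
    """Return the hostnames the certificate does not cover.

    Assumption: SAN dNSName entries are authoritative when present; the CN is
    consulted only when the certificate has no SAN at all (the fallback older
    browsers such as those in the post applied; current browsers ignore the CN).
    """
    names = list(cert_sans) if cert_sans else [cert_cn]
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in names)]


# Hostnames served by the web dispatcher, taken from the post.
HOSTS = ["sap-portal.externaldomain.com", "sap-erp.externaldomain.com"]
CN = "sap-portal.externaldomain.com"

# Constructed certificate variants: CN only (the post's setup), a SAN list
# naming both hosts, and a single wildcard SAN.
VARIANTS = {
    "CN only": [],
    "SAN with both names": list(HOSTS),
    "wildcard SAN": ["*.externaldomain.com"],
}

if __name__ == "__main__":
    for label, sans in VARIANTS.items():
        missing = uncovered_hosts(CN, sans, HOSTS)
        print(f"{label}: {'all hosts covered' if not missing else 'not covered: ' + ', '.join(missing)}")
```
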