Forum Discussion

Saba_007_140621's avatar
Saba_007_140621
Icon for Nimbostratus rankNimbostratus
Apr 02, 2014

HTTPS requests get converted to HTTP

Hi Experts !

 

We're using the Really Complex Proxy Configuration for SAP as described here: http://wiki.scn.sap.com/wiki/display/BSP/Using+Proxies?original_fqdn=wiki.sdn.sap.com

 

Some solutions work well with HTTPS...however; for certain SAP solutions like CLM (Sourcing), all the HTTPS links get converted to HTTP, resulting in Page cannot be displayed messages. Some SRM pages too; shift to HTTP, resulting in the same problem.

 

Since we're using the third proxy scenario (above), HTTPS is not activated inside SAP. (A table (like HTTPURLLOC) is maintained on the F5 for HTTPS requests though...) This table is not maintained inside SAP...

 

External world request-->F5-->SAP Webdispatcher-->SAP WebAS...where F5 converts HTTPS to HTTP. SAP sends the response back in HTTP format & its F5's job to convert the same back to HTTPS before it reaches the end user.

 

Please can you help advise what additional steps are required on the F5 (or maybe within SAP) to ensure all requests are returned only via HTTPS using the third scenario (above)...

 

Thanks a ton !!! saba.

 

  • In order to make this work, you'll need several thigns:

     

    1. A virtual server configured for TCP port 443, configure an HTTP profile
    2. A client SSL profile, which is to be assigned to the virtual server. The client SSL profile (when configured with an SSL certificate/key pair) will terminate the SSL session at the BIG-IP. The choice of certificate to use on the BIG-IP is yours, but it should be something that users aren't going to receive security warnings for. Ideally it would be issued by a publicly trusted CA.
    3. A pool with the server or servers specifying their port as 1080 as scenario three depicts. Apply this pool to your virtual server.

    That should be about it. If you want to dig deeper into any of the above steps, just ask. Not sure your level of familiarity with BIG-IP so I kept it simple.

     

  • In order to make this work, you'll need several thigns:

     

    1. A virtual server configured for TCP port 443, configure an HTTP profile
    2. A client SSL profile, which is to be assigned to the virtual server. The client SSL profile (when configured with an SSL certificate/key pair) will terminate the SSL session at the BIG-IP. The choice of certificate to use on the BIG-IP is yours, but it should be something that users aren't going to receive security warnings for. Ideally it would be issued by a publicly trusted CA.
    3. A pool with the server or servers specifying their port as 1080 as scenario three depicts. Apply this pool to your virtual server.

    That should be about it. If you want to dig deeper into any of the above steps, just ask. Not sure your level of familiarity with BIG-IP so I kept it simple.

     

  • Thanks a lot, Cory !!!

     

    You're rite...m a complete novice :( Will run this past my F5 colleagues & definitely write back in case of any further queries....thanks again :)))