Bind ICM to port 443

Published by Tobias Hofmann on

1 min read

To run SAP Portal on the standard web ports 80 and 443 you should use Web Dispatcher. In that case, WD runs on the privileged ports and SAP Portal / NetWeaver Java / ICM continue to run on their usual 5nnXX ports. Changing the ports directly on ICM of NetWeaver is something I cannot recommend, and you should not do it.

Configuration of ICM

To run NetWeaver on low ports, follow the procedure outlined in SAP Note 421359. ICMBND is the executable that will run at port 443. This file does not exists. To create it, follow the steps outlined in the SAP Note as user root:

  • cd /usr/sap/<SID>/J00/exe
  • cp icmbnd.new icmbnd
  • chown root:sapsys icmbnd
  • chmod 4750 icmbnd
  • ls –al icmbnd

The super user bit is now set. With this, the executable can now “act” as being root and listen on port 443. The instance profile must now be changed to include the new ICM parameters to bind to port 443 for HTTPS and to use the external program icmbnd for doing that.

Currently the port configuration may look like this:

After the change

Note: The parameter exe/icmbnd should not be needed as long as the binary resides in the normal place. I added it here to show how the parameter looks when configured.

Restart SAP system: stopsap; startsap.

Result

NetWeaver is now listening on port 443.

 

Default configuration is that NetWeaver first asks the client to provide a certificate and if none is given, proceeds with the normal authentication defined in logon profile.

This can be disabled be setting the parameter VCLIENT=0 in the instance profile:

icm/server_port_4=HTTPS,PORT=443,SSLCONFIG=ssl_config_4,EXTBIND=1,VCLIENT=0

Links

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

billiga hotell · July 7, 2015 at 00:56

I coսldn’t refrаin fгom commenting. Perfectly written!

Leave a Reply to billiga hotell Cancel reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.