SAP Web Dispatcher configuration

Hello, I'm trying to configure SAP Web Dispatcher with SSL with re-encryption. I'm not interested in load balancing.

Systems info:

• SAP Web Dispatcher 7.4
• backend NW AS ABAP 7.02

So far, I've done the following:

1- SSL Configuration in backend

a) Setting these parameters:

ssf/name

SAPSECULIB

ssl/ssl_lib

sec/libsapsecu

ssf/ssfapi_lib

icm/HTTPS/verify_client  <---- Should I use 0, 1 or 2? The client should be the SAP Web disp, right? So I guess 2?

icm/server_port_<x>

b) Create Private key and Certificates and generate CSR certificate --> using STRUST

c) Import digitally signed entrust certificates into ABAP AS --> using STRUST

2 - SAP Web Dispatcher Installation and set the normal parameters

3 - Install the SAP Cryptographic Library in the SAP Web Dispatcher

4 - Creating the PSEs and Certificate Requests: SSLS (Server) and SSLC (Client) --> using sapgenpse in SAP Web Dispatcher

5 - Sending the Certificate Requests to a CA (Im using SAP Test SSL)

6 - Importing the Certificate Request Responses --> using sapgenpse in SAP Web Dispatcher

7 - Creating Credentials for the SAP Web Dispatcher  --> using sapgenpse in SAP Web Dispatcher

8 - Setting these parameters in the SAP Web Dispatcher profile for SSL:

DIR_INSTANCE =  <secudir Path>

ssl/ssl_lib =  <secudir Path>sapcrypto.dll

ssl/server_pse = <secudir Path>\SAPSSLS.pse

ssl/client_pse =  <secudir Path>\SAPSSLC.pse

icm/server_port_1 = PROT=HTTPS, PORT=<Port>, TIMEOUT=900

icm/HHTPS/verify_client = 0 --> I dont want clients from the Internet to provide certificate

wdisp/ssl_encrypt = 1

wdisp/ssl_auth = 2

wdisp/ssl_cred = <secudir Path>\SAPSSLC.pse

ms/https_port = <same port set in NW backend>

So far, my questions are the following:

• Am I missing any step?
• Do I have to import the SSLS (PSE) somehow in the NW AS backend? Like in STRUST? or is sufficient with setting those parameters in the SAP Web Dispatcher profile?
• Can I have this scenario (SSL with re-encryption) without setting metadata exchange with SSL?
• Do I have to change any additional parameter in the NW AS backend for this scenario?

Regards,

JAM