Hi Ron,
I show you my web dispatcher set up:
#-----------------------------------------------------------------------
#X.509-Based Logon to NetWeaver AS from SAP Web Dispatcher
#-----------------------------------------------------------------------
ssl/server_pse = /usr/sap/WDT/W00/sec/SAPSSLS.pse
ssl/client_pse = /usr/sap/WDT/W00/sec/SAPSSLC.pse
wdisp/ssl_encrypt=1
wdisp/ssl_auth=2
wdisp/ssl_cred = /usr/sap/WDT/W00/sec/SAPSSLC.pse
icm/HTTPS/forward_ccert_as_header = true
icm/HTTPS/verify_client=1
wdisp/add_clientprotocol_header = true
wdisp/ssl_certhost = <SAP Portal hostname>
#-----------------------------------------------------------------------
#Hostname in the certificate does not match the server name:
#-----------------------------------------------------------------------
wdisp/ssl_ignore_host_mismatch = 1
icm/HTTP/redirect_0 = PREFIX=/irj, FROM=/irj/*, FROMPROT=HTTP, PROT=HTTPS, HOST==<url of the web dispatcher>, PORT=443
icm/HTTP/redirect_1 = PREFIX=/, FROMPROT=HTTP, PROT=HTTPS, TO=/irj, PORT=443
icm/HTTP/redirect_2 = PREFIX=/, FROMPROT=HTTPS, PROT=HTTPS, TO=/irj, PORT=443
icm/HTTP/redirect_3 = PREFIX=/securelogin, FROM=/securelogin/*, FROMPROT=HTTP, PROT=HTTPS, HOST=<url of the web dispatcher>, PORT=443
#-----------------------------------------------------------------------
# Trace activation
#-----------------------------------------------------------------------
icm/trace_secured_data = 1
rdisp/TRACE = 3
#-----------------------
# One WD - Two Systems
#-----------------------
wdisp/system_conflict_resolution = 1
wdisp/system_0 = SID=TS8, MSHOST=<backend ECC hostname>, MSPORT=8114, SRCURL=/sap/;
wdisp/system_1 = SID=WDT, MSHOST=<SAP Portal hostname>, MSPORT=8100, SRCURL=/
I hope that it could be useful for you.
Fabrizio