Administration When Using X.509 Client
Certificates
For access to SAP systems that use a Web-based frontend (for example, Web Dynpro or SAP GUI for HTML) you can use the Secure Sockets Layer (SSL) protocol client certificates for client or user authentication. The authentication takes place using the underlying protocols and no user intervention is necessary, which also provides for a Single Sign-On environment.
Tools
ABAP: Table maintenance (transaction SM30)
J2EE Engine: Key Storage service
Prerequisites
The use of SSL and client certificates is configured on the systems. For more information, see:
·
ABAP:
Configuring
the SAP Web AS for Supporting SSL
·
ABAP:
Configuring
the System for Using X.509 Client Certificates
·
J2EE
Engine:
Configuring the Use of
SSL on the SAP J2EE Engine
·
J2EE
Engine:
Using
Client Certificates for User Authentication
Tasks on Demand
The tasks involved when using client certificates for user authentication are also primarily configuration tasks. The tasks that are occasionally necessary are shown in the table below.
Administrative Tasks when Using Client Certificates
Reason |
Task |
More Information |
Maintain the user’s certificate information |
ABAP:
J2EE Engine: There are several options: · The user maps his or her own certificate. ·
You
· The user’s certificate is stored in an LDAP directory server and you use the corresponding attribute mapping. |
ABAP: None J2EE
Engine:
|
Renewing a user’s certificate |
If the user’s Distinguished Name changed, then you must adjust the mapping entry or re-import the user’s certificate accordingly. |
See the policy provided by the Certification Authority (CA) that issued the user certificate. |
Renewing a server certificate |
ABAP:
J2EE
Engine: Generate a certificate request, send it to the CA, and import the
response. See step 4 in
|
See the policy provided by the CA that issued the server certificate. |
See also:
·
ABAP:
Using X.509 Client
Certificates
·
J2EE
Engine:
Using Client Certificates for User
Authentication