Was this page helpful to you?
Do you have any additional feedback?
Configuring the AS ABAP to Use X.509 Client Certificates
You can use this procedure to enable the use of client certificates for authentication with SAP NetWeaver Application Server (AS) ABAP.
The AS ABAP is enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL.
Set the profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates).
If you are configuring X.509 certificate logon for message-based authentication with Web services, you do not have to set this parameter.End of the note.
Restart the IC manager using transaction SMICM.
Maintain the SSL server PSE of the server.
Use the trust manager (transaction STRUST) and import the root certificate of the issuing CA into the certificate list of this PSE.
Map users to the distinguished names of their certificates.
We recommend you use rule-based certificate mappings.
For more information, see Rule-Based Certificate Mapping.
If you previously used manual mapping in table USREXTID and do not want to migrate to rule-based mapping, you can continue to use the legacy method.
For more information, see Mapping X.509 Certificates in Table USREXTID.End of the recommendation.
The AS ABAP can accept X.509 client certificates for user authentication.
The following content is not part of SAP product documentation. For more information, see the following disclaimer .