You can use this procedure to enable the use of client certificates for authentication with the AS ABAP.
The AS ABAP is enabled to use SSL. For more information, see Configuring the SAP Web AS for Supporting SSL.
1. Set the AS ABAP profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates) to support the use of client certificates.
If you are configuring X.509 certificate logon for Web services, you do not have to set this parameter.
2. Restart the ICManager (using transaction SMICM).
3. Maintain the server’s SSL server PSE.
Use the trust manager (transaction STRUST) and import the issuing CA’s root certificate into this PSE’s certificate list.
4. Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).
...
a. Enter the following information in the corresponding fields:
Field |
Value |
Comment |
Type of external ID |
DN |
Enter in the Determine Work Area: Entry dialog. |
Extern.ID |
Distinguished Name as found in the user's certificate. |
|
Serial no. |
Serial number of the certificate: 000 is the default value. |
Optional and not currently checked in the system. |
User |
SAP system user ID |
|
Min. date |
Earliest date on which the certificate is valid for logging on to the system. |
Optional and not currently checked in the system. |
b. Set the Activated indicator to activate the client certificate logon for the user.
You can enter users' data in preparation for using certificates and activate it at a later time.
c. Save the data.
The AS ABAP can accept X.509 client certificates for user authentication.