Configuring the AS ABAP to Use X.509 Client Certificates 

Use

You can use this procedure to enable the use of client certificates for authentication with the AS ABAP.

Prerequisites

The AS ABAP is enabled to use SSL. For more information, see Configuring the SAP Web AS for Supporting SSL.

Procedure

       1.      Set the AS ABAP profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates) to support the use of client certificates.

If you are configuring X.509 certificate logon for Web services, you do not have to set this parameter.

       2.      Restart the ICManager (using transaction SMICM).

       3.      Maintain the server’s SSL server PSE.

Use the trust manager (transaction STRUST) and import the issuing CA’s root certificate into this PSE’s certificate list.

       4.      Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).

...

                            a.      Enter the following information in the corresponding fields:

Field	Value	Comment
Type of external ID	DN	Enter in the Determine Work Area: Entry dialog.
Extern.ID	Distinguished Name as found in the user's certificate.
Serial no.	Serial number of the certificate: 000 is the default value.	Optional and not currently checked in the system.
User	SAP system user ID
Min. date	Earliest date on which the certificate is valid for logging on to the system.	Optional and not currently checked in the system.

                            b.      Set the Activated indicator to activate the client certificate logon for the user.

You can enter users' data in preparation for using certificates and activate it at a later time.

                            c.      Save the data.

Result

The AS ABAP can accept X.509 client certificates for user authentication.