Transaction WDR_ACF_WLIST: Allowing Certificates to be Saved Using Browsers

To decrypt and use a whitelist, the security certificate of an SAP system must be downloaded on the relevant client computer (see also Distributing Certificates to Client Computers).

However, it is also possible to save the certificate locally using a browser. In this way, the certificate can be downloaded to a client computer if no SAP GUI is installed on it.

Activating/Deactivating Standards

  1. Open transaction WDR_ACF_WLIST.
  2. Click the button Allow Saving of Cert. Using Browsers.
  3. This opens a dialog in which this special SAP security standard can be activated or deactivated for the relevant SAP system. The title of the dialog displays the current activation level for certificate security:

    Sec_Standard

    | Current Activation Level | Action: Activation | Action: Deactivation |
    |---|---|---|
    | Certificate standard is active: It is not allowed to save the certificate on client computers using the browser. | As the security standard is already active, it is not possible to activate it by clicking on the Activate button. | Clicking the Deactivate button terminates the security standard; after closing the dialog, the certificate can be downloaded to client PCs using the browser that is installed locally. |
    | Certificate standard is inactive: It is allowed to save the certificate on client computers using the browser. | Clicking the Activate button restores the security standard for the local save procedure of the certificate after closing the dialog. | As the security standard is already inactive, it is not possible to deactivate it by clicking on the Deactivate button. |

  4. If you have decided to change the current security standard, another popup appears where you have to confirm your decision again.

    The security standard of the download procedure is then changed for the security certificate of the server: If it was active at the start, it is now inactive and the save process using the browser is permitted. If it was inactive at first, it is now active and the save process using the browser is no longer permitted.

Result

If the Web Dynpro application WD_ACF_DOWNLOAD_CERTIFCAT is started by either the users themselves or automatically as part of an application, it is now possible to save the certificate using the browser.

The save procedure is visible to the user and requires the user's explicit confirmation by clicking on the Save Certificate button of the related browser dialog. After being downloaded successfully, the local storage path of the certificate is displayed. This path cannot be changed.

Reactivating the Security Standard

If you decide to reactivate the security standard for this SAP system, you must first repeat step 1. On the next dialog screen in step 2, select Activate. It is then no longer possible to save the certificate using the browser: the status message in the browser shows a relevant text, and the Save Certificate button is no longer active.