Show TOC

Configuring the AS ABAP to Use X.509 Client CertificatesLocate this document in the navigation structure


The AS ABAP is enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL.


You can use this procedure to enable the use of client certificates for authentication with SAP NetWeaver Application Server (AS) ABAP.


  1. Set the profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates).


    If you are configuring X.509 certificate logon for message-based authentication with Web services, you do not have to set this parameter.

  2. Restart the IC manager using transaction SMICM.

  3. Maintain the SSL server PSE of the server.

    Use the trust manager (transaction STRUST) and import the root certificate of the issuing CA into the certificate list of this PSE.

  4. Map users to the distinguished names of their certificates.


    We recommend you use rule-based certificate mappings.

    For more information, see Rule-Based Certificate Mapping.

    If you previously used manual mapping in table USREXTID and do not want to migrate to rule-based mapping, you can continue to use the legacy method.

    For more information, see Mapping X.509 Certificates in Table USREXTID.


The AS ABAP can accept X.509 client certificates for user authentication.